Rating:  Summary: Advice for security consultants from security consultants Review: 'Defend IT' is a novel follow-on to 'Hack IT,' a book I reviewed over two years ago. 'Defend IT' is the authors' response to feedback on their first book, where readers (like myself) claimed the case studies were the best aspect of 'Hack IT.' The vast majority of the new book contains 16 case studies, some of which I found very helpful.
My favorite chapter is 'Disaster All Around' (ch 9), where an Internet-centric insurance company suffers complete destruction of their primary data center. A fire caused by electrical problems exposes the company's lack of a disaster recovery plan and process for resuming business operations. Thanks to hard-working staff, the company was online in 72 hours -- but the CEO was fired! I was pleased to see a disaster recovery chapter in a general security book, as acts of God can be as devastating as the uber hacker who thinks he is God.
I commend ch 2 ('Home Architecture') for insights I find lacking in most books on intrusion detection or incident response. The authors astutely state on pp. 26 and 33: 'this incident was not discovered by flashing lights and alerts set off by an IDS... In fact, there was no early indication of a network compromise.' This explains the authors' next recommendation: 'It is a good idea to keep access logs that are as detailed as possible -- at least with respect to inbound and outbound connections... Though you may not use these logs on a regular basis, for those instances when you need them, especially including investigations of network compromise, they are invaluable.' Exactly!
'Defend IT' suffered a few problems. Ch 3 features listing 3.1, which supposedly shows 'TCP SYN' packets that are part of a denial of service attack. Listing 3.1 doesn't show a single SYN packet, although many PSH ACK, UDP, and ICMP packets appear. Listing 3.2 claims to show SYN ACK packets from the DoS target, but shows only RST ACK packets from the victim and null TCP packets (with no flags set) from the attackers. Ch 3 also says 'DSL features fast download speeds... but slow upload speeds... ADSL features both fast upload and download speeds.' This is backwards; the 'A' in ADSL stands for 'asymmetric,' meaning faster downloads than uploads. I also found unnecessary redundancies in the forensics section, where two chapters (14 & 16) by the same author repeated material. I didn't think the conclusion matched the tone or content of the rest of the book, as it featured a hodge-podge of security technologies while the other 300 pages discussed case studies.
Overall, I enjoyed reading 'Defend IT.' I thought the chapters which featured network diagrams were enlightening, as information on real-world architectures can sometimes be difficult to find. I would caution the authors to ensure a second edition has slightly more current case studies. Ch 4, for example, suffers the myth that 'too few packets' on a wireless LAN is protection against cracking WEP; see the recent 'Wi-Foo' book for the real deal. Also, be careful when sanitizing data about clients. GPS coordinates and street names in screen shots might give away the farm, especially when readers have access to online business directories.
Rating:  Summary: Should mention email and browsers more prominently Review: A nice management level discussion of securing an IT network against attackers. The authors have pitched their overall presentation towards a concerned manager, who may not necessarily have a technical background. Some sections do indeed require a bit of the latter. For example, the usages of network programs like nmap and tcpdump given in the first chapter may not mean too much to you. But most of the book shies away from instances of actual code. Generally, it suffices for you to know that certain programs and certain types of programs can be used against your network. The authors assume reasonably that for specific countermeasures being implemented, there are technical people in your organisation (perhaps reporting to you) that can implement these. Essentially, the book has a good level of abstraction. It could, however, do with more discussion of email and browsers. Like mentioning them in the index, for starters. These are still the first and second killer applications of the Internet. It is how most of your users will interact with the net. Granted, the book cites examples involving these. But perhaps a more prominent discussion, of how these usages might permit attacks or unwanted entries into your network, would be handy.
Rating:  Summary: Learn from real case studies... Review: Defend I.T. is a collection of case studies from the authors' experiences in the field. The case studies are representative of the vast array of security consulting engagements they see in the computer security, forensics, and data privacy arena. It consists entirely of case studies, and that is different. It covers topics ranging from war dialing, wireless security, computer viruses, computer forensics, HIPAA assessment and social engineering. People tend to relate better and comprehend more when issues are presented as real life examples. Information Security is a challenging area. Organizations face security issues every day, but due to the need for confidentiality around these issues they are reluctant to share lessons learned with their peers and other organizations. This book fills a need. The authors provide the lessons learned in an anonymous fashion so readers can benefit from their experience as well as the experience of other organizations. The book attempts to illustrate the breadth and scope of knowledge a security consultant should have - covering both the technical and soft skills necessary to be successful in the field. As stated earlier, the book provides perspective and advice on real life security issues many organizations are struggling with. Whether the OS is Linux or Windows-based, the issues are similar. The cases cover many OSes and issues your readers would be dealing with. The book allows businesses to learn from the mistakes - and successes - of other organizations' responses to (commonly occurring) security incidents. Check it out!!
Rating:  Summary: Fun and enlightening security read Review: Defend IT book review. I was not a major fan of the authors' previous book "Hack I.T.", thus I was a bit skeptical about this one. However, this book delivers! It reminded me of the "Hackers Challenge" 1 & 2 books (which I loved), because the information in the book is structured around realistic (or maybe even real) cases, illustrating various security aspects. The stories in the book cover a wide range of issues: from building a secure network for a small business all the way to social engineering. Worm/virus infections, wireless security assessments, web applications, forensic investigation, security policy issues, DR and BCP, picking the right NIDS all find their place in the book. Especially, I loved the way they approached the usually boring subject of creating and implementing a security policy and DR planning. The policy case describes everything from 'why you need a policy' to security awareness and compliance verification. The executive fraud case was also lots of fun to read. Also, this is the first security book I've seen that explicitly mentions regulations and compliance issues. I liked their take on 'HIPAA in plain English.' Another great item was the various response flowcharts for virus infection, attacks, etc. On the downside, the book does contain some technical errors. I would have discounted them as typos, but they look like the actual hands-on skills of the authors are getting rusty in some areas ('tcpdump', 'nmap', etc.). In any case, the book's value lies more in the approach to explaining security, rather than in teaching all of nmap's command-line options. The cases are detailed enough to engross the reader, and I was sometimes wondering 'how it will end', like I would with a good fiction book. This book is both fun and enlightening.
To conclude, while there is no substitute for actually experiencing the things covered in the book, reading about them will help aspiring and actual infosec pros. Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org.
Rating:  Summary: An interesting twist on security books... Review: I just finished reading an interesting book called Defend I.T. - Security By Example by Ajay Gupta and Scott Laliberte (Addison-Wesley). This is a series of real-life case studies of security issues faced by actual companies.
The chapter breakdown: Getting to Know the Enemy: Nmap the Target Network; Home Architecture; No Service For You!; Look, Ma, No Wires!; Virus Outbreak 1; Virus Outbreak 2: The Worm; Changing Face; Protecting Borders: Perimeter Defense with an IDS; Disaster All Around; Security Is the Best Policy; HIPAA: Security by Regulation; A War-Dialing Attack; A Low-Tech Path into the High-Tech World; Industrial Espionage; Executive Fraud; Cyber Extortion; Conclusion; Recommended Reading; Index
As you can tell from the chapter breakout, it's not all about hackers and crackers. Security is often the mundane task of writing policies and enforcing regulations. Gupta and Laliberte draw upon experience from their past consulting engagements to look at these various issues with a sense of realism that is often missing in these types of security books. Most companies that suffer some sort of security breach don't want any news whatsoever of the incident leaking out. While the authors don't use real company names, the actual incidents did happen. You can learn from them before you find yourself in the same position.
There is a reasonable balance between detail and concept in the various chapters. Management will be able to follow along and understand what type of issues are at stake. The techies will be able to glean enough technical detail to help prevent the same type of issues from occurring to their company. Overall an interesting and unique take on the subject of security...
Rating:  Summary: Case studies of real computer security problems Review: I.T. professionals learn best by doing and second best by learning what others have done. The two primary authors, who are also acting as editors, have taken their work and the contributions of seven other contributing authors to create a series of sixteen case studies of actual problems that have arisen in computer security. Of course, when necessary, the names of individuals and organizations have been changed, but if you follow the instances of security problems reported in the trade journals, some reasonable guesses can be made. Therefore, in this case, you are learning the principles of computer security by finding out how the pros handled the problems.
The sixteen case studies are:
*) Getting to know the enemy: Nmap the target network - how to learn the significant characteristics of a network you may want to penetrate.
*) Home architecture - the topology of the network and how it can lead to security weaknesses.
*) No service for you! - how to recognize and fend off a denial-of-service attack.
*) Look, Ma, no wires! - how to construct and test a secure wireless network.
*) Virus outbreak I - how to recognize and remove a virus on a large network.
*) Virus outbreak II: the worm - how to recognize and remove a polymorphic worm.
*) Changing face - how to harden a web site so that it is not defaced.
*) Protecting borders: perimeter defense with an IDS - choosing, installing and configuring an intrusion detection system.
*) Disaster all around - how to plan for and deal with a disaster that destroys your primary physical location.
*) Security is the best policy - how to write and implement a security policy.
*) HIPAA: security by regulation - how to deal with the security requirements posed by government-mandated compliance.
*) A war-dialing attack - how to stop the hacker who tries to penetrate a system via an insecure modem.
*) A low-tech path into the high-tech world - how to prevent attacks based on social engineering.
*) Industrial espionage - how to keep spies for competitors from learning your secrets.
*) Executive fraud - how to gather electronic evidence to prosecute corporate fraud.
*) Cyber extortion - how to deal with an attempt to hold your computers or data hostage.
Each of the cases begins with some background concerning the situation and any preconditions to the problem. The next step is a description of the situation and the circumstances that caused a security problem to be identified. It then concludes with information about how the problem was handled and any weaknesses in the system that allowed the problem to occur.
This is a very good book for learning some of the basic security problems that are encountered by I.T. security professionals on a daily basis and how they are solved. It is not a how-to book, in the sense that you are given a numerical sequence of steps to perform. I recommend it to all persons who work as, or aspire to be, computer security professionals.
Rating:  Summary: Read it cover-to-cover Review: It's been a long time since I read a technical book cover-to-cover as I did with this book. The case studies are almost like detective stories. The reader wants to know how they end and what the authors learned. Too many technical books these days are both too dense and too full of errors. Perhaps those are related. The books are so dense that neither the author nor the editors find the mistakes. This book was easy to read cover-to-cover because it's concise, clear, accurate, entertaining, and informative. The choice of topics for the case studies is good: reconnaissance missions, wireless networks, virus infections, denial of service attacks, HIPAA, computer forensics, etc. I learned a lot from the book and enjoyed myself while learning. The book will also serve as a good reference. I imagine I will refer to it quite often as I solve problems that are similar to the ones covered in the book. Definitely a five-star book in my opinion.
Rating:  Summary: Learn Security By Example Using Case Studies Review: The authors of Defend I.T.: Security By Example teamed up previously to write Hack I.T. The previous work was more along the lines of the hacking genre of books such as Hacking Exposed or Counter Hack, providing detailed explanations of various attacks to use in performing a penetration test of your network.
Books like that are great for those with the knowledge and skills to make sense of them, but people who aren't as technical and don't necessarily work the front lines of network security such as managers and executives can still benefit from having an understanding of how such attacks can impact their company and a high-level understanding of how to defend against them.
This book is not written for someone with zero technical knowledge. It does assume a certain level of understanding, but the case studies help to illustrate how the various attack techniques in the other type of books can be used and how you can protect your network.
This book is similar to the Hacker's Challenge books in that it provides real-world scenarios, except that rather than solving the puzzle on your own the solution is included in the story like a short mystery.
Managers of I.T. departments or security personnel and those who control the security budget would benefit from reading a book like this to understand what their people are up against. Those who actually work the front lines would still benefit from being able to associate information with real-world examples and applications.
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).