Hack Proofing your Network: Internet Tradecraft - Softcover

Russell, Ryan

 
9781928994152: Hack Proofing your Network: Internet Tradecraft

Synopsis

The politics; laws of security; classes of attack; methodology; diffing; decrypting; brute force; unexpected input; buffer overrun; sniffing; session hijacking; spoofing; server holes; client holes; trojans and viruses; reporting security problems; choosing secure systems.

"synopsis" may belong to another edition of this title.

Review

Endorsed by no less than the hacker god, Kevin Mitnick, himself, Hack Proofing Your Network is a collaborative work, with contributions from a dozen or so network security experts, many of whom were prominent in the hacking community until fairly recently. Now these poachers have turned gamekeeper and are selling their expertise to corporate networks anxious to prevent people like them from hacking their systems.

The book is based on the rather shaky premise that you need a thief to catch a thief and so the best way to make sure your network security is up to scratch is to use "real world" hacking techniques to test it. To this end the book covers a wide remit, covering such areas as the hacker psyche, classes of attack, cryptography, buffer overflows, remote attacks, spoofing and viruses. The book is littered with fragments of sample hacking code, backed with URLs for hacking "resources". There is even a line-by-line analysis of the Melissa worm. Unfortunately, while there are plenty of examples of hacking code and tricks, the book is suspiciously light on measures you could take to prevent such attacks.

Overall, the book suffers from a lack of structure, being constructed from a large collection of hacker "nuggets", and this, coupled with the large number of authors, makes Hack Proofing a rather bitty concoction, occasionally lacking coherence.

Whether the book will give you useful insights into tightening security depends on your attitude to "ethical hackers". If you favour the concept, then this book will undoubtedly help you get inside the mind of the hacker and the tools they use. If you don't, then you will view this book as a thinly disguised Hacker's Handbook. --Roger Gann

From the Author

If you don't hack your systems, who will?

One of the reasons I put this book project together is that I believe security professionals should be hackers. In this case, by hackers, I mean people who are capable of defeating security measures. This book purports to teach people how to be hackers. In reality, most of the people who buy this book will do so because they want to protect their own systems and those of their employer. So, how can you prevent break-ins to your system if you don't know how they are accomplished? How do you test your security measures? How do you make a judgement about how secure a new system is?

When you're through reading Hack Proofing Your Network, you'll understand terms like 'smashing the stack,' 'blind spoofing,' 'building a backward bridge,' 'steganography,' and 'buffer overflow,' and you'll see why you need to worry about them. You will learn how to protect your servers from attacks by using a 5-step approach:

1. Planning

2. Network/Machine Recon

3. Research/Develop

4. Execute Attack and Achieve Goal

5. Cleanup

And you'll understand the theory of hacking, how to fend off local and remote attacks, and how to report and evaluate security problems.

The Only Way to Stop a Hacker Is to Think Like One.

---Ryan Russell, Hack Proofing Your Network

"About this title" may belong to another edition of this title.