Technical books of more than 350 pages are not meant to be read in one helping, like mystery novels.
But it is indeed very hard to put this book down when opened. If you do not believe that an infosecurity book can be that interesting, all you need to do is pick up a copy of Hacker's Challenge by Mike Schiffman.
The book weaves through 20 real-life stories of network security attacks. They range from a small e-commerce retailer attacked by hackers to biotech firms suffering from economic espionage, and big banks hit by hijacked email.
The author presents each situation as it unfolded in front of the security professionals investigating the case. A lot of evidence in the form of network topologies, timed event logs, firewall rules, access control logs and packet dumps is presented. For some of the cases the complete source code of a malicious program is provided for the reader. In the end, several questions are asked. The questions range from simple identification of a well-known attack from intrusion detection or system logs, all the way to reconstructing the complete sequence of events that led to an attack.
In addition, the reader should propose prevention and mitigation strategies for the attack. It turns out that for many of the described attacks the prevention strategy is much simpler than mitigation. Security measures that stop the attack from occurring will be much less expensive than incident response and fixing the problem after the fact. The scenarios will teach the reader many things, most of them well known but little practiced, such as hardening the systems facing the Internet and researching new technologies before deployment.
"Solving the case" can be as easy as recognizing the IIS overflows in HTTP request strings or as hard as analyzing non-standard IP flags, or knowing peculiar flaws in cable modem routers or VPN clients. Some cases might completely confuse you for a while, but after some hard thinking you will reach the hidden truth. The setup described by the author might look completely bulletproof, but was compromised anyway by a clever intruder. The scope of security knowledge necessary to successfully solve all the presented cases is immense. The book takes the reader into the realm of hidden Solaris rootkits and system call traces, touches upon Apple Mac file-sharing attacks, discusses Linux kernel modules and reveals multiple vulnerabilities of wireless technologies.
The book is based on modern attacks involving wireless networks, denial of service, IIS, hidden backdoors, Apple systems, etc. It also hints at many limitations of modern security technologies. For example, a VPN client that stores a password in an easily recoverable form can be stolen and used by an attacker to connect to the internal network.
Solutions to the scenarios and mitigation strategies are provided by security consultants from well-known security companies such as Guardent, @Stake, Foundstone, NetSec and others.
Anton Chuvakin, Ph.D., is a senior security analyst with netForensics (www.netforensics.com), a security information management company that provides real-time network security analysis solutions.
Title: Hacker's Challenge
Author: Mike Schiffman
Publisher: U.S.: McGraw-Hill Professional Publishing; U.K.: Osborne McGraw-Hill