Rating: ![3 stars](http://www.reviewfocus.com/images/stars-3-0.gif) Summary: Fight Hackers with Hackers Review: This book is perhaps the best you will ever find on safeguarding your personal information in this ever-increasing I.D. theft in cyber-space. All the tools and software needed to combat it are here, although how effective it really will be for you remains to be seen.
Rating: ![5 stars](http://www.reviewfocus.com/images/stars-5-0.gif) Summary: Don't be fooled by the skinny Sumo wrestlers... Review: ..."Security Warrior" is a heavyweight contender. Peikari and Chuvakin offer a dark counterpart to O'Reilly classics like "Practical UNIX and Internet Security" (PUAIS) and "Securing Windows NT/2000 Servers for the Internet." If you've been waiting for the next good security book from O'Reilly, "Security Warrior" (SW) is it. Part I, "Software Cracking," was my favorite section. This material is largely not for beginners, which marked a welcome change from many competing books. Part I gave an introduction to assembly language, followed by reverse engineering exercises on Windows, Linux, and Windows CE. I admit a good portion of the section was beyond my skill level, but I was able to "patch" binaries to alter program flow and even use a buffer overflow to execute previously unreachable code in a sample program. These sorts of "hands-on" exercises were informative and enjoyable. In the second part, "Network Stalking," I was pleased to see page 181 correctly state the role played by TCP sequence numbers. (Many authors are confused by this concept, oddly.) An entire chapter on social engineering advice was certainly novel. For the rest of the book, my favorite chapter (number 10) discussed techniques to frustrate forensic analysis. A fairly brief chapter on SQL injection made good points as did an examination of mathematics' role in intrusion detection in chapter 19. My only real criticism of SW centers on inclusion of generic security information. I didn't mark the book down for chapters on securing UNIX, for example, as the material is sound. However, if you've got PUAIS you can skip chapters 11 and 12. SW has something for everyone in the security community. It's a broad survey of current security issues, ranging from detailed analysis of assembly language to case studies on incident response.
The authors have packed a lot of value into their 500+ page work.
Rating: ![5 stars](http://www.reviewfocus.com/images/stars-5-0.gif) Summary: Phenomenal Book about the "Dark Side of Security" Review: A programmer friend of mine recently opined to me that security books tend not only to inform the "good guys" (sys admins and network security folk) about how attacks and hacker invasions occur, but also the "bad guys." I suspect most of the so-called "bad guys" already know the information presented in books like these. And if the "bad guys" already know most of the tricks, what better way to fight them than to use those "tricks" against them? This is the book's main purpose, to show the reader computer security from the perspective of the person trying to attack and invade your computer or network. This is clearly not a book for beginners, as the book's introduction states this. It is for system admins and others interested in learning all they can about computer security. It truly provides a wealth of information in its 500 pages about different ways those so inclined can wreak havoc on your computer system or network. There are chapters on "reverse engineering" programs (after a brief introduction to assembly language which the book points out gives you lots of control over a computer's CPU). These are ways you can reverse engineer programs in Windows, Windows CE (interesting how before reading this book I'd never given thought to how handheld devices could also be attacked and/or infected with viruses or worms), and Linux. This of course proves that even the Linux OS is not as secure as some might think. I liked the chapter on social engineering because it proves how you can infiltrate a system by researching the company for specific names and charm your way into getting sensitive information, which leads into "online reconnaissance" and also ways to hide your tracks (or is this known as "covering your ass"?) so you don't get caught.
There's a whole section of the book that describes attacks on various platforms (Unix, Windows Client & Windows Server, SQL and Wireless) and the book's last section describes methods of defense against them. This is a book with an amazing amount of information that at first glance may scare the living daylights out of some sys admins when they learn of the relative ease with which a system can be compromised. Then again, most security experts know of the risks and dangers involved with computer security. And I've always felt that to defend yourself against an attack, you should "know the enemy." This book offers lots of ways and "tricks" to do just that.
Rating: ![5 stars](http://www.reviewfocus.com/images/stars-5-0.gif) Summary: Excellent security reference Review: As is the case in the physical world, when providing computer security the optimal approach is to be proactive. Security Warrior is about taking such a preventive approach to computer predators.
Attackers are often highly skilled, and the authors have adopted the premise that the only way to defend a network is to understand the motives of a hacker. With its peek into hacker psychology, this book isn't for the fainthearted.
Nor is it for novices. Chapters one through five mine the nitty-gritty of assembly language and software engineering of Windows and Linux systems. These chapters and much of the rest of the book delve deeply into the "C" programming language, so basic familiarity with that language is highly recommended.
Ensuing chapters go from the network layer to various software platforms, detailing the precise steps that an attacker will take to enter a network or software application. The vulnerabilities are clearly defined, but the book really shines when it provides detailed instructions on how systems can be protected.
Security Warrior is written for advanced system administrators charged with network or system security. Corporate security professionals may be intimidated by the book, but they would do well to get a copy to the appropriate person in their organization. That would be the proactive thing to do.
Rating: ![1 stars](http://www.reviewfocus.com/images/stars-1-0.gif) Summary: Save your money Review: I do not understand the 5-star reviews. To me, this book was useless. I blame not the authors, but the editor. To me, the book seems to alternate rapidly between novice-level trivia and material of interest only to the experienced security engineer (I work in system security). I simply can't imagine any one skill level or interest set for whom this volume would be appropriate. O'Reilly's mark on a book used to be an assurance of quality, but I advise the potential buyer to review this one before forking over your hard-earned money.
Rating: ![5 stars](http://www.reviewfocus.com/images/stars-5-0.gif) Summary: A lot of ground Review: I've grown tired of books that simply inventory hacking tools. These authors delve deep and explain how things work. Awesome!! This is an amazing book, covering an incredible amount of ground. I had a little trouble following some of the details on IDA Pro, but the authors were very responsive and helpful. This is the kind of book you'll want to read and re-read. I've got the chapters on software reversing dog-eared already. The book is very well organized and well worth the investment.
Rating: ![5 stars](http://www.reviewfocus.com/images/stars-5-0.gif) Summary: Sleeping Well? This will help that! Review: If you're one of those people with a sneaking suspicion that running a variety of Linux (or almost any other operating system) out of the box might not be the most secure thing, this book is for you. It gives the hows of software cracking and network intrusion, and then gives you some practical advice on hardening your system against them. This book is written with the advanced user in mind, and includes many specifics that will help you better understand the security issues you face.
Rating: ![5 stars](http://www.reviewfocus.com/images/stars-5-0.gif) Summary: very helpful Review: In the preface the authors say that you might enjoy this book if you "... want a single volume that can quickly ratchet your knowledge level upward by a few notches." That's a good way to put what this book does for you. Part 1 covers software cracking. It provides a thorough introduction to the field. I discovered a lot of useful tidbits and techniques throughout the book. For example, I just didn't know you could customize your gdb sessions by using macros in a .gdbinit file. Part 2 covers network stalking. At first glance I thought I might skip this section, because I'm familiar with the concepts. I'm glad I didn't, because there's nothing stale here. I picked up a few useful tidbits of information in each chapter that I didn't know. Part 3 covers platform attacks. Familiar ground for most of this book's target audience, but there was much fresh information in here. It's as if the authors have read the same books as the rest of us and specifically chosen to research and expand upon areas that were left out of those books. Part 4 covers advanced defense. This part of the book is very useful. Log file aggregation, IDS, honeypots, and forensics techniques are some of the more significant discussions. I found the case study on setting up SNORT with ACID particularly helpful. I can't think of a better way to describe it than the authors did in the preface, "ratchet your level of knowledge upward by a few notches." Folks in the trenches will find this quite helpful and enjoyable to read.
Rating: ![4 stars](http://www.reviewfocus.com/images/stars-4-0.gif) Summary: Know Your Enemy Review: In today's interconnected world, it is a race between those who wish to exploit a system, and those who are working to defend it. Security Warrior presents a unique approach in that it not only explains the traps, but also goes in depth on how these traps and exploits actually work. The author presents each chapter with information about specific exploits, then goes into the actual exploits themselves. The book is geared towards the security professional, and novice users could find the amount of information that is presented overwhelming and confusing. At the end of each chapter is a resource section that invites the reader to continue learning about a particular pitfall by providing more books and online sources for information. One of the caveats of this book is the fact that in the wrong hands it can actually be used against the very systems the author wanted to defend. The amount of technical detail is so great that a skilled hacker or cracker could take this book and use it as a resource in his toolkit. It is the classic situation of you can't fix the problem without knowing what the problem is. Don't pick up this book if you want an overview of general computer security; you will be lost in the information overload. Do pick this book up if you are a security administrator or systems administrator and want to take a proactive approach in securing your systems against attack.