Building Open Source Network Security Tools: Components and Techniques

It offers you a very good overview about the most known packet contruction, modification and analizys libraries used in most widely network security tools.

Even though, if you are just curious about the way things work, this book still is a very good buy, because in a easy and clear way you will understand the way to use these libraries.

If you have any doubts, you can just send an email to the author, and guess what! He always reply to you!

To finish, I just want to say...Thanks Mike!
Keep up the good work!

Rating:
Summary: Man Page Reprint
Review: If you don't read the man pages then this book is for you. After reading the glowing reviews I went out to purchase this book. I am extermely dissappointed. The lion-share of the book is merely API description. There are some neat examples in every chapter, but they are available on the internet... The end chapters of the book are well written concise summaries of known techniques and concepts (possibly the only redeeming component of the book)
After using libnet I was expecting something great from the man who wrote such an awesome library. Experienced programmers should use the man pages. If you're new to information security topics then you might find this book useful.
A newbie would be well served by this book.

Rating:
Summary: Incredibly useful
Review: It is rare to find that such an in depth book on coding is this easy to read and understand It's really encouraging me to get off my [butt] and to start doing some coding again.

Rating:
Summary: a must-have reference book
Review: It looks like I can now pull down all the pcap and libnet source (and header) file printouts which are taped around my cube. This book is the reference book that I have been looking for. *The* definitive reference book for libnet, pcap, openssl, and more. Great book!

Rating:
Summary: Sweet and To The Point
Review: My review is much like the book, sweet and to the point! The chapters and sample code that go along with them are thoughfully put together and well written. This is by far the best security reference book I've gotten my grubby hands on! I also received that Libnet mailing and the request for positive feedback was obviously done in a humerous, tongue and cheek fashion. If you've ever read Phrack magazine, you'd understand the authors humor. Go out and buy this book, you won't be disappointed!

Rating:
Summary: No Windows developers
Review: Prospective buyers should know that this book is UNIX-centric and won't benefit Windows developers much. I guess this is reasonable since Open Source is mostly a UNIX phenomenon.

Rating:
Summary: Refreshing Networking Security material!
Review: There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book.

Building Open Source Network Security Tools , just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to have a little knowledge of C and your networking principles. This is definitely not a managers book.

First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.

The author then goes on to explain the several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they would in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mention in the book.

I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.

Rating:
Summary: A must read for all Security Programmers
Review: This book is an excellent source for application programmers who want to quickly develop state of the art network security tools. The book was well-organized and provided sample programs to reinforce the key points of each chapter. More importantly than just the sample code is how clearly and detailed each chapter is laid out and illustrates the finer points to programming network security tools using the profiled components. One key point I found reading the book was the level of sophistication and knowledge the author possess in security was outstanding. I would definitely recommend this book to all programmers both new and old will learn a great deal from this book.

Jonathan C Fornaci

President and CEO IMG Universal
Jonathan has been a feature speaker on security at Interpol, within the US Government, and major corporations and has appeared on ABC, NBC, BBC, along with major publications including the Wall Street Journal, USA Today, Washington Post, IBD, CIO and Computerworld.

Rating:
Summary: Excellent guide for the network administrator
Review: This book was the perfect reference manual for the busy network administrator that needs to quickly create powerful tools to enforce and monitor network security. From concept to implementation Schiffman will give you a thorough understanding of why and how to create open-sourced security tools that you can start using immediately. Using this book as a reference I was able to create a customized network sniffer and a few vulnerability analysis tools. Another great addition to my library that I highly recommend.

Rating:
Summary: One of a kind!
Review: This exclusive book by Mike Schiffman, a recognized security authority, will not make a good bedtime reading even for the majority of hardcore security professionals. However, the value of this book is not in how fun it is to read, but in the amazing depth and breadth of network security material.

Starting from interesting and original security tool taxonomy - attack, active recon, passive recon and defense -, the book takes the steep road uphill towards the descriptions of several popular security libraries (two written by the book author himself). Libnet (packet injection), libpcap (packet capture), libnids (network IDS development), libsf (OS fingerprinting), libdnet (network parameters manipulation) and openssl (crypto) are covered in the excruciating level of detail. Code and API walkthrough, all functions, variables and primitives are covered complete with usage notes for various platforms. Each chapter is topped off by a complete security tool example, designed and developed using the library. Many pages of superbly commented tool source code are included in the chapter end.

Complete code is also provided at the publisher download site. Experimenting with the code is a good part of the fun brought by the book, so download is highly suggested.

The book is most useful for those wishing to gain truly in-depth understanding of network security tools and for aspiring tool builders. After all, the book is much easier to read and understand then just plain source, even if well commented.

Another bonus is a comprehensive description of buffer overflow and format string exploits, provided in the chapter on attacks and vulnerabilities.

The book ends with painfully detailed "firewalk" recon tool description, created by Mike Schiffman. It starts with design (with flowcharts and diagrams) and goes onwards to implementation and code walkthrough. 2200 lines of tool source code conclude this mighty volume.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org