AOH :: ISNQ3474.HTM

Book Review: Hack the Stack




Book Review: Hack the Stack
Book Review: Hack the Stack



http://www.amazon.com/exec/obidos/ASIN/1597491098/c4iorg 
and http://www.shopinfosecnews.org 

Title: Hack the Stack: Using Snort and Ethereal to Master the 8 Layers 
of an Insecure Network
Authors: Michael Gregg (principal author), Stephen Watkins, George Mays, 
Chris Ries, Ron Bandes, Brandon Franklin
Pages: 442 pages
Publisher: Syngress
Reviewer: dr.spook at gmail dot com
ISBN: 1597491098

Like many books with multiple authors, it's a mixed blessing. I would 
also like to suggest to Syngress that they hire an editor. This book 
would have benefited from a stricter hand. It would at least merit a 
simple grammar check. Please.

Is anyone else tired of the word "Hack" or "Hacking" in the title? I 
wonder if it doesn't take away from the message of the book, when the 
points are obscured with the obvious memetic charge that such a title 
gives.

For the curious: Open Systems Interconnection Basic Reference Model is 
described in http://en.wikipedia.org/wiki/OSI_model 

OSI (the intended replacement for TCP/IP) never caught on, even though, 
for a time, the government was mandating its use. The seven layer model 
was still recognized as a useful descriptor of networking, and has come 
to be used as an abstraction, useful for teaching concepts about 
networking.

This book is arranged in that manner, with the addition of one of the 
"non-standard" layers as the final chapter. Layers 8, 9, and sometimes 
10 have multiple references, such as political, financial, and 
metaphysical. In this case, the authors have chosen to refer to layer 8 
as the people layer.

Interesting premise, using the OSI 7-layer model to discuss security, 
with the addition of the engineer's favorite eighth layer, the user. 
Point and counterpoint in each chapter of "Attack" and then "Defend" 
brings some cohesion to this inadequately edited book.

This book is tolerable as a beginner's book, but some of the information 
is old, and it's very uneven. I'm also not sure what the point of it 
should be. It has some good bits, mixed in there. There's some good 
information on how networks work, which is explained in understandable 
terms and language. I don't know that this book contributes to the body 
of work that should comprise a good computer and network security 
library.

The first chapter is an introduction, explaining the approach of the 
book. The second, termed the physical layer, is actually defined to 
include everything from locks, lights, and guards (i.e. physical 
security) to hardware hacking. [Do we really need a discussion of chain 
link fence sizes in a security book?]

I'm not sure of the rationale for things included in this chapter. We 
have everything from an explanation of pin tumblers (but not what locks 
are secure) to an overview of passwords (surely misplaced in a 
discussion of physical security). Finally, in the last third, we 
approach some interesting hardware hacking. Even here, I'm a bit 
puzzled. The construction of a one-way network cable is built, but 
nowhere is there an acknowledgement that lines can still be tapped (not 
as easily as in the old vampire tap days of thicknet, but it still can 
happen).

Nowhere is there a discussion of interruptions in the data line, nor any 
realization that the one-way cable could be used for ill as well as 
good. On the other hand, there are nice pictures to help the casual user 
learn how to modify a USB Bluetooth to increase the antenna range.

Unfortunately, they still repeat that mantra of urban legend that the 
Internet (which they confuse with TCP/IP) was built to survive a nuclear 
attack.

http://en.wikipedia.org/wiki/ARPANET 

There are a couple of other caveats with this book. Although it doesn't 
say so, it is very Linux/Windows centric, and some tools are described 
in depth (such as ping), without mentioning that arguments and return 
values may be different on other operating systems. It seems to have 
been written a year or two ago, even though the publication date is 
October 17, 2006, much of the information is out of date, and there's no 
mention at all of Vista. There's the merest nod to IPv6, and almost 
nothing mentioned of the serious routing protocols and devices (which I 
somehow expected).

It's not a bad book; I've seen much worse. If you're just starting out, 
it might not be a bad introduction to some of the tools and methodology, 
but don't let it be your only book. It lists at $49.95, but Barnes and 
Noble and Amazon are both discounting it.


-- 
We should not be building surveillance technology into standards.
Law enforcement was not supposed to be easy.
Where it is easy, it's called a police state.  -- Jeff Schiller


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 
 

Site design & layout copyright © 1986-2014 CodeGods