Authors: Stuart McClure, Joel Scambray and George Kurtz
Publisher: McGraw-Hill Professional
This is one of the best-known books about computer security ever written. Since its first edition the book has been translated into 19 languages. All the previous editions have received extensive praise from important people in the security community as well as from those who got into security with the help of Hacking Exposed. I must admit I approached this book with high expectations; read on to find out what I think of it.
About the authors
George Kurtz is the CEO of Foundstone. George holds several industry designations, including Certified Information Systems Security Professional, Certified Information Systems Auditor, and Certified Public Accountant. George graduated with honors from Seton Hall University where he received a Bachelor of Science in Accounting.
Stuart McClure is the CTO of Foundstone. He is a successful security author, speaker, and teacher whose writings have been translated into dozens of languages around the world. Stuart holds a B.A. degree from the University of Colorado, Boulder and numerous certifications including ISC2’s CISSP, Novell’s CNE, and Check Point’s CCSE.
Joel Scambray is the Senior Director of MSN Security for Microsoft. He has presented information security seminars to numerous groups worldwide, including CERT, The Computer Security Institute (CSI), ISA, SANS, etc. Joel’s academic background includes advanced degrees from the University of California at Davis and Los Angeles, and he is a Certified Information Systems Security Professional.
Inside the book
Since the authors want to give you a comprehensive view of how your system can be compromised, they don’t limit themselves and describe topics not present in some other books. This is exactly why the first part of the book starts with a chapter dedicated to footprinting. Here you learn how an attacker, using a combination of tools and techniques, can create a complete profile of an organization’s security posture. You see what can happen, how you can protect yourself, and you get several URLs you can visit for more information.
As we move on we encounter a discussion on scanning. Here you discover how to determine if a system is alive, what services are running or listening, and what operating system it’s running. Various port scanning techniques are briefly illustrated, and we are presented with tools like Nmap, Netcat and NetScanTools. Naturally, there are tips on how you can protect yourself from port scanning. Before going on to discuss automatic discovery tools, the authors write about active stack fingerprinting and passive stack fingerprinting.
What follows is an overview of enumeration. This process of probing previously identified services differs from the previously described information-gathering techniques since it involves active connections to systems and direct queries. The authors demonstrate what attackers can discover and how you can prevent it. Almost twice the size of the previous chapter, it discusses in detail basic banner grabbing as well as the enumeration of common network services. Some of the tools mentioned here are Legion, DumpSec, GetAcct and IP Browser.
The second part of the book deals with system hacking. The covered operating systems are Windows 95/98/Me/2000/NT/XP/.Net Server, Novell Netware and UNIX. What you get here is a comprehensive overview of techniques and tools, way too many to mention them all. Discussed are local and remote attacks, authenticated and unauthenticated attacks, local and remote exploits, application vulnerabilities, IPSec, rootkits, and a whole lot more. These 150+ pages are bound to give you a great insight into what can go wrong and how you can try and prevent it. Some of the tools mentioned here are LC4, John the Ripper, TCPDUMP, Snort and Ethereal.
The third part of the book illustrates network hacking and starts off with a chapter dedicated to dial-up, PBX, voicemail and VPN hacking. When writing about war dialing the authors note that it basically boils down to a choice of tools such as: ToneLoc, THC-Scan, PhoneSweep and TeleSweep. As with every previous chapter, this one also comes with a summary of tips to help you out. This time around you’ll get some tips on remote access security.
The authors note that network vulnerabilities, although not as abundant as system vulnerabilities, increase in both quantity and devastation every year. This introduces us to a chapter dedicated to network devices. You learn about methods of detection, autonomous system lookup, the detection of services, and so on. As we move on we encounter one of the new additions to this edition – a chapter on wireless hacking. The authors provide information on wardriving and give an equipment overview where you find information on wireless cards, GPS cards and antennas. Software titles mentioned here include the popular Kismet, AirSnort and NetStumbler. Some of the covered topics are sniffing, gaining access, denial of service attacks, etc. Some countermeasures are noted and there’s a list of websites where you can get more information on wireless technology.
The following two chapters bring forward the discussion on firewalls and Denial of Service attacks. Although very small, the chapter on firewalls gives you information on firewall identification, scanning through firewalls, packet filtering, etc. When it comes to Denial of Service attacks, everyone remembers the attacks on Yahoo!, eBay, CNN and other high-profile websites that made the news for a long time. Defined here is the motivation of DoS attackers as well as the different types of DoS attacks.
The fourth part of the book deals with software hacking and begins with a chapter dedicated to remote control insecurities. Here you see a list of remote control software and an explanation of several weaknesses that affect these software titles. You’ve certainly heard about VNC, Windows Terminal Server and Citrix ICA. Now you can see how their weaknesses can be exploited. To close this chapter the authors provide a list of resources you can use in order to understand the security issues surrounding Terminal Server.
The last three chapters deal with advanced techniques, web hacking, and hacking the Internet user. The advanced techniques are categorized in the following sections: back doors, cryptography, Trojans, social engineering as well as rootkits and imaging tools. The chapter dedicated to web hacking covers web server hacking and web application hacking and is fairly small. This is no surprise since there’s another book released on the subject – Hacking Exposed: Web Applications. However, among other things you’ll see how both IIS and Apache have their weak sides, how you can find vulnerable web applications with Google, and what countermeasures you can use. When it comes to the problems that you as the Internet user are facing, you’ll get information on ActiveX, Java security holes, IE HTML frame vulnerabilities, SSL fraud, e-mail and IRC hacking. This chapter will most certainly open your eyes: you’ll discover more areas where you are vulnerable, and you’ll be able to protect yourself with the suggestions provided by the authors.
The fifth and last part of the book is comprised of two appendixes. The first appendix lists ports that are commonly used to gain information from or access to computer systems. The second one provides a diagram of the top 14 security vulnerabilities.
About the DVD
The Hacking Exposed Live! DVD that comes with the book is based on the presentations the authors have given all over the world. You see George Kurtz talk about and demonstrate port scanning, SQL hacks, Unicode, HTR chunked encoding, and more. If you’re thinking about visiting a live presentation by the authors, this DVD will give you a glimpse of what to expect. In the following edition I would like to see the programs mentioned in the book on the DVD; it makes life easier to just install them and try them while following the book.
My 2 cents
If you have an older edition of Hacking Exposed and you’re wondering whether to get the new edition, I would certainly recommend it because of the many additions. Some of the newly added things include: the latest network hacking methods (the use of tracerouting, dsniff, ARP, SNMP, etc.), new DDoS tools and tricks, new case studies that cover recent security attacks, a whole new chapter that covers attacks on 802.11 wireless networks, and more.
This book contains a myriad of screenshots and code examples. Like the previous editions, it’s very easy to navigate and it’s written clearly, which makes it simple to follow and understand. With every edition this book keeps getting better and better. I can recommend it to anyone interested in computer security, as it will certainly give you a real-world course on the subject.