Author: Nitesh Dhanjani
Publisher: McGraw-Hill Professional
A few years ago, book publisher McGraw-Hill struck gold with the release of “Hacking Exposed” – the book that soon became a bestseller and is usually considered one of the best information security publications of all time. The title was quickly followed by several updated editions and a couple of spin-offs dealing with specific security topics. Following the Hacking Exposed fame, HackNotes delivers similar security content, fitted into a portable reference guide.
About the author
Nitesh Dhanjani is a Senior Consultant at Ernst & Young. He is a contributing author to the best-selling security book Hacking Exposed: Network Secrets and Solutions, Fourth Edition and HackNotes: Network Security Portable Reference. He has performed network and web-application attack and penetration reviews for various clients in the Fortune 500.
Inside the book
The book is divided into three parts, the first of which deals with actual hacking techniques and ways to defend against those attacks. This part starts with a chapter on footprinting, where the author presents several, mostly familiar, examples of using publicly available information for hacking purposes. The next couple of chapters deal with similar techniques of scanning the target, identifying its system specifics and enumerating remote services on it.
After introducing readers to the initial steps an attacker will surely deploy, Dhanjani discusses the methods of remotely hacking the target system. This is the longest chapter, as remote attacks are the biggest problem for a large number of organizations connected to the Internet. Here you’ll find tons of useful information on both hacking and securing, varying from brute forcing MySQL to tunneling POP3 traffic via SSH. Ending the exposure of hacking tactics, the author covers methods of privilege escalation and the ways an attacker can hide his/her presence on the successfully penetrated system.
The second part of the book deals with tips on host hardening. Although this topic, which deals with the most important system administration task, is spread over just 25 pages, the author managed to compress a variety of specific information which will surely be of great help to the reader. The three chapters contained in this section cover information on default settings and services, user and file system privileges, and system logging and patching.
Part three of this portable reference deals with some specific security topics that are a bit different from the actual hacking examples presented throughout the book. It opens with a brief overview of NASL (Nessus Attack Scripting Language), which offers some basic information on the structure of Nessus signatures and ways to create your own updates to this popular tool. This is followed by a section dealing with wireless security, which spreads over just five pages and doesn’t host anything special. Hacking with the Sharp Zaurus PDA is the topic of the last chapter of this book, where the author mentions a number of security tools that can be used on this popular handheld.
The book also hosts a 30-page reference center that is strangely placed in the physical middle of the book, splitting one of the chapters into two parts. From the content perspective, it holds a number of valuable facts, varying from common UNIX commands and IP addressing to NetCat commands and ASCII tables.
As I’m a regular “Hacking Exposed” reader (especially liking Hatch’s Hacking Linux Exposed), the press release announcing the “HackNotes” series quickly caught my attention. This was mainly because I usually like to traverse through smaller reference-type books and the fact that “Hacking Exposed” books needed a smaller companion guide dealing with just the most relevant information. I’m not saying in any way that the “HackNotes” books can replace their big brothers, but they are worthy additions to them.
The book should be quite useful to novice and intermediate readers interested in what system and network security concepts really are, as it covers the same practical topics from both the attacker’s and the administrator’s point of view. For a number of readers, this book will probably be the appetizer that will make them get hold of “Hacking Linux Exposed”, which goes more in depth on similar topics.
Written by an experienced information security consultant, this portable reference delivers just the things we expect from this kind of a publication: important and up-to-date information on the common Linux/Unix security vulnerabilities, ways and tools to exploit those vulnerabilities and useful tips on securing and protecting your systems.