Sebastopol, CA–Computer security is not precisely like warfare. In war,both sides seek to take advantage of the other’s weaknesses. Both sides strive to operate from a position of offense rather than defense. Computersecurity is rather like building a fortress that you hope will be impenetrable to attack. It’s similar to war, however, in that the threatof attack is real, constant, malicious, and unrelenting. Therefore, the tactics of war can be valuable in securing your systems and data against assault. And, as in warfare, the more you know about your enemy, the stronger your position.
Based on the principle that the best way to defend yourself is tounderstand your attacker in depth, “Security Warrior” (O’Reilly, US$44.95) by Cyrus Peikari and Anton Chuvakin reveals how your systems canbe threatened. Covering everything from reverse engineering to SQLattacks, and including topics like social engineering, antiforensics, and advanced attacks against Unix and Windows systems, this book leaves youknowing your enemy and prepared to do battle.
“Security Warrior” offers readers unique methods for honing theirinformation security (or infosec) techniques, presented in an entertaining and easy-to-read style. Covering a combination of formal science andreal-life infosec experiences, multiple platforms, and attacks and defenses, the book explores areas of computer security that will gratifyeven the most seasoned veterans. According to the Peikari and Chuvakin,one example of this is their coverage of reverse code engineering (RCE),including the esoteric subjects of Linux and embedded RCE. As they explain, “RCE is indispensable for dissecting malicious code, unveilingcorporate spyware, and extracting application vulnerabilities, but until this book, it has received sparse coverage in printed literature.”
Reverse code engineering is thoroughly examined in the first section ofthe book, “Software Cracking.” Part II, “Network Stalking,” reviewssecurity aspects of TCP/IP, network reconnaissance, OS fingerprinting, and examines social engineering using psychological theories to explore possible attacks and how hackers hide their tracks. Next, in “PlatformAttacks,” readers learn about platform-specific attacks and defenses,including weaknesses in Windows XP Remote Assistance, flaws in Kerberos authentication on Windows Server, web services security, and SQL injectionattacks. Part IV, “Advanced Defense,” tackles advanced methods of network defense, including the use of Bayesian analysis to implement intrusiondetection systems.
As attacks against computer systems become increasingly sophisticated, astrong defense is essential, and the best way to build an effective defense is to understand and anticipate potential attacks. Anyone who ison the front lines defending against the enemy needs this book. It givesyou the knowledge you need to render the most persistent enemy ineffectual.
Chapter 2, “Windows Reverse Engineering,” is available online at:
For more information about the book, including table of contents, index,author bios, and samples, see:
For a cover graphic in JPEG format, go to:
Cyrus Peikari and Anton Chuvakin
ISBN 0-596-00545-8, 531 pages, $44.95 US, $65.95 CA
O’Reilly & Associates is the premier information source for leading-edgecomputer technologies. The company’s books, conferences, and web sitesbring to light the knowledge of technology innovators. O’Reilly books,known for the animals on their covers, occupy a treasured place on theshelves of the developers building the next generation of software.O’Reilly conferences and summits bring alpha geeks and forward-thinkingbusiness leaders together to shape the revolutionary ideas that spark newindustries. From the Internet to XML, open source, .NET, Java, and webservices, O’Reilly puts technologies on the map. For more information:http://www.oreilly.com