Authors: Michael Horton and Clinton Mugge
Publisher: McGraw-Hill Professional
The HackNotes series quickly became one of the best selling titles in the computer security publishing sector. With some great marketing, mostly derived from the famous Hacking Exposed titles, it wasn’t a tough job for Foundstone staffers to create this series of successful portable reference publications. Today I’m taking a look at one of the HackNotes titles that is concentrated on Network Security.
About the authors
Mike Horton, series editor for the HackNotes series, is a principle consultant for Foundstone. He specializes in secure network architecture design, network penetration testing, operational security program analysis and physical security assessments.
Clinton Mugge is a director of consulting at Foundstone’s security services on the West Coast. He has a decade of security experience in the commercial and government sectors.
Inside the book
The HackNotes series is comprised of handy little books spread over about 200 pages covering quite a large amount of content specific topics. The authors’ purpose is to provide just the relevant information on a different set of sub-topics. If you are a regular visitor to security web sites and forums, you’ll most probably find this book a great repository of security vulnerabilities, tools of the trade, as well as both hacking and securing methods.
The book is divided into three main parts and the first one deals with some of the formal InfoSec parts that are often disregarded by technical-centric personnel. The topics discussed in this part introduce the readers with some of the initial security concepts and principles, as well as methods of risk assessment and management. This section of the book spreads just over 30 pages, but it provides some of the basics that could interest the readers in some of the most common procedures.
Hacking techniques and defenses are the main topic of the second part of the book. If you are in any case interested in building your career in penetration testing, tips and tricks provided in here will be pure gold. The authors summoned their experience on pen testing and provide the readers a step-by-step manual on how to think as an attacker and guide them from the initial enjoyments such as reconnaissance to the more upscale things such as actual attacking and, as the crown of the whole process, a successful system compromise.
The largest set of information is given to the Operating System specific security issues. The reader can easily browse their favorite OS and find a list of both local and remote security issues, as well as proposed countermeasures. I should note that the material presented here is limited to UNIX and Windows (9x, Me, NT and 2000). If you are in need of a thorough set of security issues and exploits for one of these operating systems, you’ll probably need to get one of the “parent” Hacking Exposed titles, as this book is a 200 page portable reference so its purpose is to stress out the most important issues and techniques.
“Special topics” is the title of the last section. Over here the authors summarize info on a number of important security areas including Wireless Networking, Web Applications, Incident Response and common intruder tactics. Following the book’s structure, throughout these chapters, the authors present the security issues surrounding these topics and provide a wealth of information on both the issues and the solutions and further securing tips.
The center of this book hosts a 30 page reference center dealing with common system commands, networking specifics, common and default passwords, useful ports and system services and quite a good list of must have security tools (btw, you can browse our software download base containing over 500 updated software titles categorized on Linux, Windows and PocketPC).
To keep it short and simple – “HackNotes Network Security” gives what is expected of it: loads of different information presented in an easily browsable format. The book is perfectly suited for two different types of readers: those who are working within the Information Security field and need to catch up with some of the most common security issues and procedures, and for those who need to show their upper management the magnitude of possible security risks in a network environment.