Processor ® Free Subscription
Used HP, Used IBM, Used Compaq, Used Cisco, Used Sun
Home |  Register |  Contact Us   
This Week's Issue
Browse All Issues
Search All Articles
Product News & Information
Company
News & Information
General Feature Articles
News
Opinions



Book Reviews Email This
Print This
View My Personal Library

General Information Add To My Personal Library
November 2, 2007 • Vol.29 Issue 44
Page(s) 21 in print issue

“Security Power Tools”: A Comprehensive Reference
A Guide For Locking Down Your Network



Security Power Tools


Authors: Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi, and Avishai Avivi

Publisher: O’Reilly Media

Price: $59.99

Format: Soft cover, 856 pages

The explosion of high-speed Internet access around the world and the preponderance of TCP/IP networks as potential targets have compounded security risks. Adding further to the problem, IT budgets emphasize new technologies, while getting them to function properly and seeing an ROI often get more emphasis than properly locking new systems down.

Unfortunately, most security books are not up to the task of offering a complete reference guide for what admins need to know. Some books may stress theoretical approaches at the expense of outlining practical instructions about implementing a strategy. Some guides may be short on theory but will offer just a few tools, which are insufficient in number and scope. Admins who rely on books as reference guides and to keep their skills up to date usually have a collection of security-related guides instead of a single volume.

The authors of “Security Power Tools,” most of whom are members of the security engineering and research department of Juniper Networks (www.juniper.net), have attempted to communicate what the book’s cover says are “the best security tools on the planet for both black hat techniques and white hat defense tactics.” The book comprises 23 cross-referenced chapters that offer tips and how-to descriptions of shareware and commercial tools. The coverage runs the gamut of technicality, from command-line operations to programming tips to discovering hidden exploits.

Not For Beginners?

The preface states that the book is for network security admins, engineers, and consultants who have at least intermediate-level skills. Its principles apply to very large networks, as well as to those of small to midsized enterprises. Still, the book’s descriptions of the tools are very accessible. The chapter on cracking WEP encryption protocols, for example, details how easy it is to intercept and decipher Wi-Fi data packets from unsuspecting users so that any aspiring 12-year-old hacker could learn how to do it.

Some general managers and COO types are still not waking up to the fact of how vulnerable their data centers and networks really are. However, certain chapters are accessible enough that they should convince any nontechnical person who remains skeptical about the importance of investing in locking down an enterprise’s data.

The book’s six main technical sections cover reconnaissance, replete with network scanning tools; network penetration tactics; backdoor control; defense; monitoring; and discovery. A chapter on ethics and the law, by Stanford University’s Jennifer Stisa Granick, who is also the civil liberties director with the Electronic Frontier Foundation, outlines real-life cases when the lines separating black from white hats become blurred.

All That You Need?

“Security Power Tools” is chock-full of relevant content that is also accessible and straightforward. But does the book offer the “best security tools on the planet”? Possibly, as this writer has not seen a more comprehensive guide. But no one book will ever serve as the only source for security knowledge. New tools and exploits have been created after the book was published. Besides reading books, the learning process also involves an almost obsessive hunt for new exploits, defense tools, and techniques through forums, newsletters, and other means. Still, “Security Power Tools” is almost guaranteed to offer any intermediate- and advanced-level professional information and tools to fill in knowledge and memory gaps.

by Bruce Gain


Key Concepts

The stated goal of “Security Power Tools” is to communicate “the best security tools on the planet for both black hat techniques and white hat defense tactics.” Whether the book lives up to the claim or not, its scope is wide, with 23 cross-referenced chapters that offer tips and detailed descriptions of shareware and commercial tools. Geared for intermediate and senior security professionals, coverage ranges from command-line operations to programming tips to discovering hidden exploits. Some of the chapters, such as “Computer Trespass Laws: No Hacking Allowed” on ethics and the law, are accessible for those with only a basic knowledge of IT security.


Share This Article:    del.icio.us: “Security Power Tools”: A Comprehensive Reference     digg: “Security Power Tools”: A Comprehensive Reference     reddit: “Security Power Tools”: A Comprehensive Reference

 

Home     Copyright & Legal Notice     Privacy Policy     Site Map     Contact Us

Search results delivered by the Troika® system.

Copyright © by Sandhills Publishing Company 2014. All rights reserved.