||Add To My Personal Library
November 2, 2007
Vol.29 Issue 44|
Page(s) 21 in print issue
â€śSecurity Power Toolsâ€ť: A Comprehensive Reference
A Guide For Locking Down Your Network
The explosion of high-speed Internet access around the world and the preponderance of TCP/IP networks as potential targets have compounded security risks. Adding further to the problem, IT budgets emphasize new technologies, while getting them to function properly and seeing an ROI often get more emphasis than properly locking new systems down.
Security Power Tools
Authors: Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi, and Avishai Avivi
Publisher: OReilly Media
Format: Soft cover, 856 pages
Unfortunately, most security books are not up to the task of offering a complete reference guide for what admins need to know. Some books may stress theoretical approaches at the expense of outlining practical instructions about implementing a strategy. Some guides may be short on theory but will offer just a few tools, which are insufficient in number and scope. Admins who rely on books as reference guides and to keep their skills up to date usually have a collection of security-related guides instead of a single volume.
The authors of Security Power Tools, most of whom are members of the security engineering and research department of Juniper Networks (www.juniper.net), have attempted to communicate what the books cover says are the best security tools on the planet for both black hat techniques and white hat defense tactics. The book comprises 23 cross-referenced chapters that offer tips and how-to descriptions of shareware and commercial tools. The coverage runs the gamut of technicality, from command-line operations to programming tips to discovering hidden exploits.
Not For Beginners?
The preface states that the book is for network security admins, engineers, and consultants who have at least intermediate-level skills. Its principles apply to very large networks, as well as to those of small to midsized enterprises. Still, the books descriptions of the tools are very accessible. The chapter on cracking WEP encryption protocols, for example, details how easy it is to intercept and decipher Wi-Fi data packets from unsuspecting users so that any aspiring 12-year-old hacker could learn how to do it.
Some general managers and COO types are still not waking up to the fact of how vulnerable their data centers and networks really are. However, certain chapters are accessible enough that they should convince any nontechnical person who remains skeptical about the importance of investing in locking down an enterprises data.
The books six main technical sections cover reconnaissance, replete with network scanning tools; network penetration tactics; backdoor control; defense; monitoring; and discovery. A chapter on ethics and the law, by Stanford Universitys Jennifer Stisa Granick, who is also the civil liberties director with the Electronic Frontier Foundation, outlines real-life cases when the lines separating black from white hats become blurred.
All That You Need?
Security Power Tools is chock-full of relevant content that is also accessible and straightforward. But does the book offer the best security tools on the planet? Possibly, as this writer has not seen a more comprehensive guide. But no one book will ever serve as the only source for security knowledge. New tools and exploits have been created after the book was published. Besides reading books, the learning process also involves an almost obsessive hunt for new exploits, defense tools, and techniques through forums, newsletters, and other means. Still, Security Power Tools is almost guaranteed to offer any intermediate- and advanced-level professional information and tools to fill in knowledge and memory gaps.
by Bruce Gain
Key Concepts |
The stated goal of Security Power Tools is to communicate the best security tools on the planet for both black hat techniques and white hat defense tactics. Whether the book lives up to the claim or not, its scope is wide, with 23 cross-referenced chapters that offer tips and detailed descriptions of shareware and commercial tools. Geared for intermediate and senior security professionals, coverage ranges from command-line operations to programming tips to discovering hidden exploits. Some of the chapters, such as Computer Trespass Laws: No Hacking Allowed on ethics and the law, are accessible for those with only a basic knowledge of IT security.