"Hacking Exposed: Network Security Secrets & Solutions"
Network and system administrators should go to the local bookstore and buy two copies of "Hacking Exposed: Network Security Secrets & Solutions," one for themselves and one for their chief technology officer. This book, co-authored by Stuart McClure, Joel Scambray and George Kurtz, is a great practical guide for administrators and an eminently readable exposé on hacking that should smooth the way for sensible executive policies to protect corporate networks.
Diligent as I am at wiling away hours of time perusing the tech section of my local bookstore, I somehow missed the September release of the third edition of this tome along with its compulsory CD companion.
I offer this brief review so that you dont make the same mistake. Id also like to point out the companion Web site, www.hackingexposed.com, which has loads of references to security sites, conferences, assessment tools and other valuable resources for those charged with keeping the network up and running.
New in this version of the book are references to 802.11b wireless security. Although this section is somewhat skimpy compared with the rest of the book, it could be that the spec itself is so basically exposed that there isnt much more to say, except "prepare to be boarded." (Check out my April 22 article Wireless Sniffers Put to Test for a roundup of three leading wireless protocol analyzers that can help guard against rogue installations of wireless access points.)
The book does a good job of covering the exploits du jour without seeming dated as soon as it came off the presses. The discussion of the Code Red and Nimda worms is useful both for its "how-to" guide to stopping these particular problems and for explaining the technique of the hacks themselves.
This provides a basis for understanding the compromises, which should help prevent these kinds of attacks in the future.
Most IT managers should use the book as a starting point for developing a practice for active network defense or as a review guide for double checking their current practices.
Senior Analyst Cameron Sturdevant can be contacted at firstname.lastname@example.org.