[ISN] Common Security Practices in Uncommonly Tedious Text
From: InfoSec News (isn@c4i.org)
Date: Thu Jul 26 2001 - 10:21:24 CDT
http://www.enterprise-zone.com/free/bookrevview.asp?content_id=552
Despite more than 400 pages of source code and security defense
examples, this book's valuable content could easily be condensed into
a single article sidebar.
A book that explains how to create a secure computer system should not
rely on or refer to other books about hacking. Yet John Chirillo's
Hack Attacks Denied: Complete Guide to Network LockDown makes an
excessive amount of references to its counterpart, Chirillo's previous
book, Hack Attacks Revealed: A Complete Reference with Custom Security
Hacking Toolkit. He almost begs the reader to purchase it if he or she
hasn't already. In fact, he goes so far as to infer that the reader
will not have the proper foundation without first reading Hack Attacks
Revealed.
With his previous book Chirillo attempted to outline the gory details
of hacking but managed to provide only a solid technical foundation at
the beginning of an otherwise forgettable book (see my review, Hack
Attacks Revealed, Partially). Unfortunately, Hack Attacks Denied fails
to provide even a solid technical foundation. Instead, Chirillo offers
a collection of rudimentary security practices with the apparent hope
that readers of his previous book will use them to foil the vague
attack methods he outlined in it.
Much like Hack Attacks Revealed, Hack Attacks Denied includes page
after page of worthless source code, which is included in digital
format on the accompanying CD-ROM. Without explanation or a
comprehensive breakdown of what it is or does, the source code amounts
to filler that most savvy readers will ignore.
Trouble From the Start
The archetype example of this book's shortcomings occurs in the first
100 pages. Chirillo extols his own "Tigerinspect" port scanner as a
good utility for "home, corporate, and/or private Windows users" who
wish to scan a machine for open ports. After suggesting that NMAP
("Network Mapper"), an open source utility that's become the de facto
port scanner for security professionals, is inadequate, Chirillo
subjects the reader to twenty pages of source code for "Tigerinspect."
Worse still, he tells the reader that his scanner will not identify
common ports such as FTP (File Transfer Protocol). To suggest that
Tigerinspect is a reasonable alternative to any other scanner when it
lacks this basic functionality is absurd.
The book goes on to suggest that if the reader wants to add that basic
functionality to his or her scanner, "you can add it at your leisure"
by adding three additional lines of code per port. Chirillo's friendly
"Tiger note" then reminds readers that not only must they add three
lines of code per port, they must add those three lines per port in
five different places. As both of his books state, there are more than
65,000 ports, giving the reader the option of adding some 975,000
lines of code to his 1,100-line program. Thanks, but no thanks.
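The design problem the review describes, shown as an added example that is not the book's Tigerinspect code: a minimal TCP connect scanner in Python in which identifying a port's service is a table lookup (a small constructed dictionary for the ports the review calls "common", falling back to the system services database via socket.getservbyport), so covering another port costs one table entry rather than three lines of code in five places. The target it scans is a throwaway listener bound inline on loopback, so the example runs offline; the port numbers and service names in the table are assumptions for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed fallback table for the ports the review calls "common". Every other
# port is resolved through the system services database (/etc/services), so no
# per-port code is ever written. (Assumption: these names are what a user expects.)
KNOWN_SERVICES = {
    21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "domain",
    80: "http", 110: "pop3", 143: "imap", 443: "https",
}


def service_name(port: int, proto: str = "tcp") -> str:
    """Identify the service on a port by lookup, not by hand-written cases."""
    if port in KNOWN_SERVICES:
        return KNOWN_SERVICES[port]
    try:
        return socket.getservbyport(port, proto)  # system services database
    except OSError:
        return "unknown"


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect probe: True if the three-way handshake completes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan(host: str, ports, timeout: float = 0.5, workers: int = 64) -> dict:
    """Scan the given ports; return {port: service_name} for the open ones.

    range(1, 65536) covers every port through this same code path.
    """
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return {p: service_name(p) for p, is_open in results if is_open}


def demo_listener():
    """Bind a throwaway listener on 127.0.0.1 so the example has a target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = demo_listener()
    try:
        found = scan("127.0.0.1", range(max(1, port - 50), port + 50))
        for p, name in sorted(found.items()):
            print(f"{p}/tcp open  {name}")
    finally:
        srv.close()
```

Scanning a full host is scan(host, range(1, 65536)); adding a port that the system database does not know is one dictionary entry. Note that a connect scan completes the handshake, so every probed service sees and can log the connection; nmap's default SYN scan exists precisely to avoid that, which is one more reason the review's point about dismissing nmap stands.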
In a Nutshell, Don't Bother
Later in the book, Chirillo lists a slew of examples of attacks one
might find, many of which were outlined in his previous book. A
significant portion of the security recommendations, the foundation of
the book, can be summed up with "upgrade your software." Rather than
over 400 pages of source code and vague examples of inadequate
security defenses, this book's valuable content could easily be
condensed into a sidebar titled "Common Security Practices."
Brian Martin is an outspoken security consultant in the Washington DC
area. His daily work takes him in and out of commercial and government
systems, usually without sparking law enforcement investigation. He
speaks at industry events such as The Black Hat Briefings security
conference. He can be reached at jericho@attrition.org.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.