[ISN] Book Review: Hack the Stack

From: InfoSec News (alerts@infosecnews.org)
Date: Mon Jan 15 2007 - 00:32:48 CST


http://www.amazon.com/exec/obidos/ASIN/1597491098/c4iorg
and http://www.shopinfosecnews.org

Title: Hack the Stack: Using Snort and Ethereal to Master the 8 Layers
of an Insecure Network
Authors: Michael Gregg (principal author), Stephen Watkins, George Mays,
Chris Ries, Ron Bandes, Brandon Franklin
Pages: 442
Publisher: Syngress
Reviewer: dr.spook at gmail dot com
ISBN: 1597491098

Like many books with multiple authors, it's a mixed blessing. I would
also like to suggest to Syngress that they hire an editor. This book
would have benefited from a stricter hand. It would at least merit a
simple grammar check. Please.

Is anyone else tired of the word "Hack" or "Hacking" in the title? I
wonder if it doesn't take away from the message of the book, when the
points are obscured with the obvious memetic charge that such a title
gives.

For the curious: Open Systems Interconnection Basic Reference Model is
described in http://en.wikipedia.org/wiki/OSI_model

OSI (the intended replacement for TCP/IP) never caught on, even though,
for a time, the government was mandating its use. The seven layer model
was still recognized as a useful descriptor of networking, and has come
to be used as an abstraction, useful for teaching concepts about
networking.

This book is arranged in that manner, with the addition of one of the
"non-standard" layers as the final chapter. Layers 8, 9, and sometimes
10 have multiple references, such as political, financial, and
metaphysical. In this case, the authors have chosen to refer to layer 8
as the people layer.

Interesting premise, using the OSI 7-layer model to discuss security,
with the addition of the engineer's favorite eighth layer, the user.
Point and counterpoint in each chapter of "Attack" and then "Defend"
brings some cohesion to this inadequately edited book.

This book is tolerable as a beginner's book, but some of the information
is old, and it's very uneven. I'm also not sure what the point of it
should be. It has some good bits, mixed in there. There's some good
information on how networks work, which is explained in understandable
terms and language. I don't know that this book contributes to the body
of work that should comprise a good computer and network security
library.

The first chapter is an introduction, explaining the approach of the
book. The second, termed the physical layer, is actually defined to
include everything from locks, lights, and guards (i.e. physical
security) to hardware hacking. [Do we really need a discussion of chain
link fence sizes in a security book?]

I'm not sure of the rationale for things included in this chapter. We
have everything from an explanation of pin tumblers (but not what locks
are secure) to an overview of passwords (surely misplaced in a
discussion of physical security). Finally, in the last third, we
approach some interesting hardware hacking. Even here, I'm a bit
puzzled. The construction of a one-way network cable is described, but
nowhere is there an acknowledgement that lines can still be tapped (not
as easily as in the old vampire tap days of thicknet, but it still can
happen).

Nowhere is there a discussion of interruptions in the data line, nor any
realization that the one-way cable could be used for ill as well as
good. On the other hand, there are nice pictures to help the casual user
learn how to modify a USB Bluetooth to increase the antenna range.

Unfortunately, they still repeat that mantra of urban legend that the
Internet (which they confuse with TCP/IP) was built to survive a nuclear
attack.

http://en.wikipedia.org/wiki/ARPANET

There are a couple of other caveats with this book. Although it doesn't
say so, it is very Linux/Windows centric, and some tools are described
in depth (such as ping), without mentioning that arguments and return
values may be different on other operating systems. It seems to have
been written a year or two ago; even though the publication date is
October 17, 2006, much of the information is out of date, and there's no
mention at all of Vista. There's the merest nod to IPv6, and almost
nothing mentioned of the serious routing protocols and devices (which I
somehow expected).

It's not a bad book; I've seen much worse. If you're just starting out,
it might not be a bad introduction to some of the tools and methodology,
but don't let it be your only book. It lists at $49.95, but Barnes and
Noble and Amazon are both discounting it.

--
We should not be building surveillance technology into standards.
Law enforcement was not supposed to be easy.
Where it is easy, it's called a police state. -- Jeff Schiller
