REVIEW: "Hack Attacks Testing", John Chirillo

From: Rob Slade, doting grandpa of Ryan and Trevor (rslade_at_sprint.ca)
Date: 05/29/03 

Date: Thu, 29 May 2003 21:00:41 GMT

BKHKATTS.RVW 20030330

"Hack Attacks Testing", John Chirillo, 2003, 0-471-22946-6,
U$50.00/C$77.50/UK#34.95
%A John Chirillo
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2003
%G 0-471-22946-6
%I John Wiley & Sons, Inc.
%O U$50.00/C$77.50/UK#34.95 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/0471229466/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0471229466/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0471229466/robsladesin03-20
%P 540 p. + CD-ROM
%T "Hack Attacks Testing"

The description in the introduction seems to indicate that this text
might be similar to SATAN (Security Administrator's Tool for Analyzing
Networks), in that it explains how to build a set of utilities in
order to identify vulnerabilities. As such, there is the possibility
that the work is open to a charge of being more useful to attackers
than to defenders. Fortunately, the book does not provide a great
deal of information that could be used to break into systems.
Unfortunately, it doesn't help much with defence, either.

Part one is supposed to describe how to build a multisystem "Tiger
Box," similar to SATAN, and the overview outlines the components of a
penetration test. Chapters one to four, however, simply narrate the
installations for Microsoft Windows NT and 2000, Red Hat Linux,
Solaris, and Mac OS X, using the installation programs provided. The
material is heavy on screen shots, and light on explanations of what
is going on and why. There is no provision for specific security
testing requirements, or even multiboot systems.

Part two lists penetration analysis tools for Microsoft Windows, and
the introduction tabulates common vulnerability classes. Chapter five
explains how to install the Cerberus Internet scanner, enumerates the
possible reports, and gives one (eight page) sample report. Much the
same is true for the Cybercop Scanner, Internet Scanner, Security
Threat Avoidance Technology (STAT), and TigerSuite products in
chapters six through nine. All of these systems do multiple probes
and analysis.

The description of UNIX and OS X tools, in part three, starts with a
twenty page list of UNIX commands. UNIX utilities tend to be more
single purpose: hping/2 is for IP spoofing and nmap is for port
scanning, but Nessus, SAINT (Security Administrator's Integrated
Network Tool), and SARA (Security Auditor Research Assistant) are
collections.

Part four is entitled "Vulnerability Assessment," but contains only
chapter fifteen, which contains checklists for securing various
systems, primarily relying on outside sources.

Despite the introduction, this book does *not* describe how to set up
a "Tiger Box." It lists a few vulnerability scanners and utilities.
There is little in the way of help or explanations, and the material
seems to be based primarily on product documentation and commonly
available guides. The content actually by Chirillo often seems so
oddly written that it is difficult to parse any meaning from the text.

The book does provide you with a list of vulnerability scanners. But
then, so would any decent Web search.

copyright Robert M. Slade, 2003 BKHKATTS.RVW 20030330 

-- 
====================== 
rslade@sprint.ca  rslade@vcn.bc.ca  slade@victoria.tc.ca p1@canada.com
"If you do buy a computer, don't turn it on."     - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
      or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs:     [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews:   [Base URL]mnbk.htm
                [Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-subscribe@egroups.com
Quantcast