IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled


"Hack Attacks Testing", John Chirillo, 2003, 0-471-22946-6, U$50.00/C$77.50/UK#34.95
%A John Chirillo
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2003
%G 0-471-22946-6
%I John Wiley & Sons, Inc.
%O U$50.00/C$77.50/UK#34.95 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/0471229466/robsladesinterne
%O http://www.amazon.ca/exec/obidos/ASIN/0471229466/robsladesin03-20
%P 540 p. + CD-ROM
%T "Hack Attacks Testing"

The description in the introduction seems to indicate that this text might be similar to SATAN (Security Administrator's Tool for Analyzing Networks), in that it explains how to build a set of utilities in order to identify vulnerabilities. As such, there is the possibility that the work is open to a charge of being more useful to attackers than to defenders. Fortunately, the book does not provide a great deal of information that could be used to break into systems. Unfortunately, it doesn't help much with defence, either.

Part one is supposed to describe how to build a multisystem "Tiger Box," similar to SATAN, and the overview outlines the components of a penetration test. Chapters one to four, however, simply narrate the installations for Microsoft Windows NT and 2000, Red Hat Linux, Solaris, and Mac OS X, using the installation programs provided. The material is heavy on screen shots, and light on explanations of what is going on and why. There is no provision for specific security testing requirements, or even multiboot systems.

Part two lists penetration analysis tools for Microsoft Windows, and the introduction tabulates common vulnerability classes. Chapter five explains how to install the Cerberus Internet scanner, enumerates the possible reports, and gives one (eight page) sample report. Much the same is true for the Cybercop Scanner, Internet Scanner, Security Threat Avoidance Technology (STAT), and TigerSuite products in chapters six through nine. All of these systems do multiple probes and analysis.

The description of UNIX and OS X tools, in part three, starts with a twenty page list of UNIX commands. UNIX utilities tend to be more single purpose: hping/2 is for IP spoofing and nmap is for port scanning, but Nessus, SAINT (Security Administrator's Integrated Network Tool), and SARA (Security Auditor Research Assistant) are collections.

Part four is entitled "Vulnerability Assessment," but contains only chapter fifteen, which contains checklists for securing various systems, primarily relying on outside sources.

Despite the introduction, this book does *not* describe how to set up a "Tiger Box." It lists a few vulnerability scanners and utilities. There is little in the way of help or explanations, and the material seems to be based primarily on product documentation and commonly available guides. The content actually by Chirillo often seems so oddly written that it is difficult to parse any meaning from the text.

The book does provide you with a list of vulnerability scanners. But then, so would any decent Web search.

copyright Robert M. Slade, 2003 BKHKATTS.RVW 20030330