description in the introduction seems to indicate that
might be similar to SATAN (Security Administrator's Tool
Networks), in that it explains how to build a set of
order to identify vulnerabilities. As such, there is
that the work is open to a charge of being more useful
than to defenders. Fortunately, the book does not provide
deal of information that could be used to break into
Unfortunately, it doesn't help much with defence, either.
one is supposed to describe how to build a multisystem "Tiger
Box," similar to SATAN, and the overview outlines the components of a
penetration test. Chapters one to four, however, simply
installations for Microsoft Windows NT and 2000, Red
Solaris, and Mac OS X, using the installation programs
material is heavy on screen shots, and light on explanations
is going on and why. There is no provision for specific
testing requirements, or even multiboot systems.
two lists penetration analysis tools for Microsoft
the introduction tabulates common vulnerability classes.
explains how to install the Cerberus Internet scanner,
possible reports, and gives one (eight page) sample report.
same is true for the Cybercop Scanner, Internet Scanner,
Threat Avoidance Technology (STAT), and TigerSuite products
chapters six through nine. All of these systems do multiple
description of UNIX and OS X tools, in part three, starts with a
twenty page list of UNIX commands. UNIX utilities tend to be more
single purpose: hping/2 is for IP spoofing and nmap is
scanning, but Nessus, SAINT (Security Administrator's
Network Tool), and SARA (Security Auditor Research Assistant)
four is entitled "Vulnerability Assessment," but
chapter fifteen, which contains checklists for securing
systems, primarily relying on outside sources.
the introduction, this book does *not* describe how to set up
a "Tiger Box." It lists a few vulnerability scanners and utilities.
There is little in the way of help or explanations, and
seems to be based primarily on product documentation
available guides. The content actually by Chirillo often
oddly written that it is difficult to parse any meaning from the text.
book does provide you with a list of vulnerability
then, so would any decent Web search.
copyright Robert M. Slade, 2003 BKHKATTS.RVW 20030330