Customer comments on this selection.
Not about hacking Linux
When I was reading this book, I kept waiting for the topic to be Linux. The book starts with OSSTMM material. You can tell the OSSTMM folks have become too abstract to be concerned with the work-a-day security industry. This is not what I (or, I'm sure, anyone) will expect from a Hacking Exposed book. Imagine a book of definitions, but no examples; references to techniques, but no tools.
The book features large tracts of discussion about OSSTMM, PSTN, ISDN, X.25, VOIP, Wireless (in general, not really Linux), RFID, web-apps (shouldn't that be its own book?), and C code static analysis. There's a whole chapter on hacking the users, without any real discussion of brute force attacks or tools you'd use to hack a Linux system. I was very disappointed.
Where is discussion of kernel- and user-space? Where are hardware abstraction layer boundaries? What about exploiting stacks and heaps in Linux? What are the security implications of Linux dynamic libraries? What about hacking OpenSSH, Apache, Samba, X11, NFS, Kerberos, NIS and other common Linux services?
If you're looking for hands-on Linux exploitation techniques, look elsewhere.
1st and 2nd editions better
hacking linux exposed 3rd edition is a complete rewrite and (in my opinion) loses the power of the previous editions.
the first two editions have numerous examples of exploits followed by appropriate strategies for defending against them. the current edition is jargon and alphabet soup found within the field of security. about the only redeeming feature of the latest edition is a concise summary of security software for linux found in the appendix.
i teach linux security (usually in the spring) and i know how difficult it is to keep current with examples of exploits. what i demonstrate one year is unavailable the next! however, the red books really attempted to demonstrate the various vulnerabilities; the blue book is generality and vocabulary.
Good book, but little news
I had this on preorder, so I got it the moment it came out. If you are new to Linux security, this book is excellent. It talks about all the things you need to be aware of, and how to protect your systems. I would most definitely recommend it. Unfortunately for me, I knew most of this already. It did have some tidbits I liked, and the security recommendations are most definitely sound. I give it 4 stars, because I had expected more about hacking and less about securing.
Solid Information
ISECOM, the renowned research organization for security, has again "made sense" of securing a Linux network against attacks. The book is a thorough guide to understanding how to "separate the asset from the threat" and block hackers from playing in the ultimate playground of Linux. The authors take you from the elements of security, to hacking the system, to hacking the users.
What is particularly helpful are the case studies. If you or your company's employees need to travel and access your company's website via wireless connection, you'll be especially interested in the case study in Chapter Eight, where a hacker tracks a signal to a hotel's access point and creates legit-looking error pages in order to obtain the account information of the user. Also helpful are their usual attack and countermeasure icons, which further define how to pinpoint areas of risk.
Security teams looking to evaluate their areas of vulnerability within Linux will be forearmed with the powerful arsenal of preventative approaches covered in this edition. All of the material is new, based upon the most recent and thorough security research. The hacking and countermeasures are based on the OSSTMM, the security testing standard, and cover all known attacks on Linux as well as how to prepare the system to repel unknown attacks. A great buy for the Amazon price of $31.49.
Fantastic Security Resource
I found this book to have enough depth to assist in protecting your network and computer assets, but would have liked to see more specific examples in some cases.
High Points:
Circumventing BIOS Passwords
chrooting
Fingerprint scrambling
Secure Network Topology
X.25 Information