Feeds

Anti-Hacker’s Toolkit

How they do it, so you can stop them

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Book review Sometimes it just pays to think bad thoughts. And, sometimes, it might even be a good idea to act on those bad thoughts. No, that doesn't mean you go out and shoot your boss. It does mean thinking bad thoughts about security. It means thinking like a hacker (no, not that sort of hacker, the sort that attacks your software/server/system).

We all know that security shouldn't be an afterthought when it comes to system design and development, but unless you know how a hacker attempts to crack a system how can you code for it?

The Anti-Hacker Toolkit isn't really designed for developers as such. It's a book that's aimed at those who need to defend rather than offend, which in practice means system admins, security personnel, web developers and so on. It takes the view that the best way of defending against attacks is to understand how attacks take place - what tools and techniques are likely to be used to launch attacks? And just what are the different types of attacks?

As suggested by the title, the book is a complete toolkit (with the individual tools included on the attached CD). It covers in some detail a very wide range of tools and utilities, with detailed instructions on how to use them, what the different options are and common usage scenarios.

The tools are organised by type: multi-function tools (including complete environments, such as VMware); server audit tools (from basic port scanners through to brute force password cracking, server hardening, backdoors and root kits); network auditing and defence (starting at the firewall and moving on to network reconnaissance, port redirectors, sniffers, wireless tools etc) and, finally, a section on incident response and computer forensics.

As you would expect from a book devoted to tools, the focus on the book is decidedly practical. That's not to say that it's just a glorified all-in-one manual for the tools that are covered. It's the material on usage that makes the book valuable, it shows how the tools can be used to attack (or seek out vulnerabilities in) networks and servers.

The book is fairly agnostic as to operating system, and there's coverage of Unix, Linux and Windows tools and systems. A willingness to dive to the command line is pretty much compulsory for all systems, however. Given the cross-platform nature of the beast, the authors recommend cygwin as a way of getting a Linux-like environment under Windows. The attached CD also includes a copy of Gnoppix, which is a CD-bootable Linux distribution that uses the Gnome desktop. It enables a Windows user to reboot into Linux and to access the security tools that come as standard with that operating system.

To be clear, this isn't a book about IT security as an abstract concept - and there are no chapters devoted to attempting to understand what drives hacking as a subculture, for example - it's a book devoted to the most useful of the tools and utilities used by hackers.

Title: Anti-Hacker Toolkit, 3rd edition

Anti-Hacker ToolkitVerdict: If you want to get to grips with the tools of the hacking trade, then this is a great place to do it.

Author: Mike Shema, Chris Davis, Aaron Philipp, David Cowen

Publisher: Osborne McGraw-Hill

ISBN: 0072262877

Media: Book

Buy this book at Cash 'n' Carrion. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
Yes, Virginia, there IS a W3C HTML5 standard – as of now, that is
You asked for it! You begged for it! Then you gave up! And now it's HERE!
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.