Feeds

Anti-Hacker’s Toolkit

How they do it, so you can stop them

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Book review Sometimes it just pays to think bad thoughts. And, sometimes, it might even be a good idea to act on those bad thoughts. No, that doesn't mean you go out and shoot your boss. It does mean thinking bad thoughts about security. It means thinking like a hacker (no, not that sort of hacker, the sort that attacks your software/server/system).

We all know that security shouldn't be an afterthought when it comes to system design and development, but unless you know how a hacker attempts to crack a system how can you code for it?

The Anti-Hacker Toolkit isn't really designed for developers as such. It's a book that's aimed at those who need to defend rather than offend, which in practice means system admins, security personnel, web developers and so on. It takes the view that the best way of defending against attacks is to understand how attacks take place - what tools and techniques are likely to be used to launch attacks? And just what are the different types of attacks?

As suggested by the title, the book is a complete toolkit (with the individual tools included on the attached CD). It covers in some detail a very wide range of tools and utilities, with detailed instructions on how to use them, what the different options are and common usage scenarios.

The tools are organised by type: multi-function tools (including complete environments, such as VMware); server audit tools (from basic port scanners through to brute force password cracking, server hardening, backdoors and root kits); network auditing and defence (starting at the firewall and moving on to network reconnaissance, port redirectors, sniffers, wireless tools etc) and, finally, a section on incident response and computer forensics.

As you would expect from a book devoted to tools, the focus on the book is decidedly practical. That's not to say that it's just a glorified all-in-one manual for the tools that are covered. It's the material on usage that makes the book valuable, it shows how the tools can be used to attack (or seek out vulnerabilities in) networks and servers.

The book is fairly agnostic as to operating system, and there's coverage of Unix, Linux and Windows tools and systems. A willingness to dive to the command line is pretty much compulsory for all systems, however. Given the cross-platform nature of the beast, the authors recommend cygwin as a way of getting a Linux-like environment under Windows. The attached CD also includes a copy of Gnoppix, which is a CD-bootable Linux distribution that uses the Gnome desktop. It enables a Windows user to reboot into Linux and to access the security tools that come as standard with that operating system.

To be clear, this isn't a book about IT security as an abstract concept - and there are no chapters devoted to attempting to understand what drives hacking as a subculture, for example - it's a book devoted to the most useful of the tools and utilities used by hackers.

Title: Anti-Hacker Toolkit, 3rd edition

Anti-Hacker ToolkitVerdict: If you want to get to grips with the tools of the hacking trade, then this is a great place to do it.

Author: Mike Shema, Chris Davis, Aaron Philipp, David Cowen

Publisher: Osborne McGraw-Hill

ISBN: 0072262877

Media: Book

Buy this book at Cash 'n' Carrion. ®

Security for virtualized datacentres

More from The Register

next story
Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really
Windows NEIN skipped, tech preview due out on Wednesday
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.