Feeds

Anti-Hacker’s Toolkit

How they do it, so you can stop them

  • alert
  • submit to reddit

SANS - Survey on application security programs

Book review Sometimes it just pays to think bad thoughts. And, sometimes, it might even be a good idea to act on those bad thoughts. No, that doesn't mean you go out and shoot your boss. It does mean thinking bad thoughts about security. It means thinking like a hacker (no, not that sort of hacker, the sort that attacks your software/server/system).

We all know that security shouldn't be an afterthought when it comes to system design and development, but unless you know how a hacker attempts to crack a system how can you code for it?

The Anti-Hacker Toolkit isn't really designed for developers as such. It's a book that's aimed at those who need to defend rather than offend, which in practice means system admins, security personnel, web developers and so on. It takes the view that the best way of defending against attacks is to understand how attacks take place - what tools and techniques are likely to be used to launch attacks? And just what are the different types of attacks?

As suggested by the title, the book is a complete toolkit (with the individual tools included on the attached CD). It covers in some detail a very wide range of tools and utilities, with detailed instructions on how to use them, what the different options are and common usage scenarios.

The tools are organised by type: multi-function tools (including complete environments, such as VMware); server audit tools (from basic port scanners through to brute force password cracking, server hardening, backdoors and root kits); network auditing and defence (starting at the firewall and moving on to network reconnaissance, port redirectors, sniffers, wireless tools etc) and, finally, a section on incident response and computer forensics.

As you would expect from a book devoted to tools, the focus on the book is decidedly practical. That's not to say that it's just a glorified all-in-one manual for the tools that are covered. It's the material on usage that makes the book valuable, it shows how the tools can be used to attack (or seek out vulnerabilities in) networks and servers.

The book is fairly agnostic as to operating system, and there's coverage of Unix, Linux and Windows tools and systems. A willingness to dive to the command line is pretty much compulsory for all systems, however. Given the cross-platform nature of the beast, the authors recommend cygwin as a way of getting a Linux-like environment under Windows. The attached CD also includes a copy of Gnoppix, which is a CD-bootable Linux distribution that uses the Gnome desktop. It enables a Windows user to reboot into Linux and to access the security tools that come as standard with that operating system.

To be clear, this isn't a book about IT security as an abstract concept - and there are no chapters devoted to attempting to understand what drives hacking as a subculture, for example - it's a book devoted to the most useful of the tools and utilities used by hackers.

Title: Anti-Hacker Toolkit, 3rd edition

Anti-Hacker ToolkitVerdict: If you want to get to grips with the tools of the hacking trade, then this is a great place to do it.

Author: Mike Shema, Chris Davis, Aaron Philipp, David Cowen

Publisher: Osborne McGraw-Hill

ISBN: 0072262877

Media: Book

Buy this book at Cash 'n' Carrion. ®

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.