Inside Internet Security: What Hackers Don’t Want You To Know

Product Description
Hackers know things that you don’t. That’s their edge. It’s the reason that they are able to break into networks, leaving a path of destruction in their wake. This book discusses some of the tricks of the hacker trade — things that are well known in the hacker community but all too foreign to the I/T support staff. The intention is to dispel some of the common myths and misconceptions surrounding computer network security which lead to vulnerabilities that hack…

5 replies
  1. Anonymous says:

    The book offers a good overview of information security, though with a lot of “talk”. I found myself scanning 75% of the paragraphs for the meat… I’m a software engineer, and have read “Secrets and Lies”, which offers a much more thorough and better review of the subject. Buy it, instead. Not only will you get a better education, but you’ll actually read the entire book instead of skimming most of it.

    …Neither this nor “Secrets and Lies” will offer much specific information on security loopholes, i.e. how to hack or avoid being hacked. “Hacking Exposed” does that, however, and is a good read, too.
    Rating: 2 / 5

  2. Charles Ashbacher says:

    As a new field where speed is essential and getting there first is sometimes more important than following the correct path, computing suffers from more than its share of unsubstantiated claims. However, it is a field of human endeavor like all others we engage in, which means the social laws apply here as well. The recent burst of the “Internet bubble” should have surprised no one, as it is just the basic laws of business finally asserting themselves. Since it involves humans doing things where the consequences can be very visible, it is inevitable that it will attract people who will deface or destroy something just for the attention it generates. Therefore, like all other things we do in life, it is necessary to remain wary when using the Internet, and this book generally delivers help without the hype.
    When reading this book, it is clear that most of the problems involving computer security involve fundamental oversights or misfeasance on the part of someone. As I read through the examples in this book, I was reminded of the biography I read of the Nobel prize winning physicist Richard Feynman. He managed to obtain a reputation among his fellow workers as an expert safe cracker. However, as he makes quite clear when describing his life, most of this was just simple logic and luck in combination with oversight. The people around him tended to leave their combination locks on the last number, which reduced the possibilities and one time he managed to crack a safe by simply opening it, as it had not been properly latched. Some time ago, there was an announcement of a security flaw in Linux. It turned out that if some defaults were not altered after the install, it would be possible for unauthorized persons to access the system. If there is a flaw here, it is hardly a problem with Linux.
    Therefore, most of the solutions presented in the book fall under the umbrella of common sense. Use “complex” passwords and don’t write them down in obvious places such as in a desk drawer. Furthermore, do not give out sensitive information over the phone, which is something I preach to my young children. The recent hilarious case of Oracle operatives doing some dumpster diving outside the Microsoft offices points out that one of the most efficient security features is to destroy any paper containing sensitive information.
    While most of the book is good, there was one point where I severely disagreed with the author. On page 45 there is a chart of components with 99.9% confidence of security and a computation concerning the confidence of security for ten such components as well as the hours and days of cumulative vulnerability based on these confidence levels. Granted, the author qualifies this as being merely a theoretical discussion, but it is still very misleading. Probabilities like this are most likely not additive, as following one path means the elimination of another. To say that having a component that is 99.9% secure means that it is “open” 8.8 hours of the year is simply not correct. In fact, the author does not really define precisely what is meant by a 99.9% confidence of security.
    I also question one other premise of the book, namely that a hacker defacing a site is a catastrophe. What people care about is that the data inside and all critical transmissions are secure. As long as the bank vault is untouched, I am not greatly disturbed if someone spray paints the sign out front. Most web users are smart enough to appreciate this difference.
    Being aware of the risks inherent in using the Internet is the most important thing you can do to cover your caboose when using it. In this book, you will learn that using the simple awareness and common sense caution that you always use when conducting business with strangers is the best approach to security on the Internet.
    Rating: 4 / 5

  3. Richard Bejtlich says:

    I am an Air Force officer and technical resource for a 50-person military intrusion detection operation. I constantly search for sources of information useful to front-line security personnel, and I rate books against that standard.

    “Inside Internet Security” is a book managers and new security workers would find enlightening. I would not recommend it for anyone who’s been “in the trenches” for 6-12 months or more. The content can be found in many other works and I did not learn anything new, save for minor trivia, such as the fact the AS/4000 includes an integrated firewall on a separate coprocessor card (p. 84).

    This does not mean the book is without merit. Its length (250 pages) will not scare readers away, and its range of topics provides a solid introduction to the security realm. Still, this book isn’t really about “what hackers don’t want you to know,” since the material is relatively basic. Books like “Hacking Exposed” probably come closer to explaining specific techniques for penetrating networks. I’m afraid what hackers really don’t want “white-hats” to know isn’t in print, either on paper or on the Internet.
    Rating: 3 / 5

  4. Maxime Bombardier says:

    Finally, a book that will show why hackers are doing their work rather than just giving all the tools to do it. “Security” books that show you all the available tools to run a DoS are coming out at a fast pace, but are they really helping you to get more budget for security? No, they just give a one-stop place to learn how to bring down a networked server. Of course, they have some fixes on how to prevent them, but it mainly comes to “install the latest patch” and “install a firewall”. Well, we all know this part, and most companies now have a firewall (whether the installation is good or not…).

    This book goes beyond that point and explains to managers why security is important; why firewalls & patches will not prevent you from being cracked; why you need to understand the hackers in order to catch them; etc. Don’t let the size of this book (about 250 pages) put you down since the author judiciously decided to keep to the facts rather than speculate. You will only find good information.

    The only thing that it still lacks (but it is also hard to have in a book because of ongoing product (and hacker tool) development) is to define which firewall applications are good; the pros & cons of each of them; whether it is helpful to have multiple firewalls and, if so, how to set them up; etc. I was tired of all those books that will mainly help hackers (could be called Implementing Security Breaches) and this book is finally a book for managers & IT personnel who need “written” proofs rather than just tools. I see it as a step forward and my only hope is that we will soon have a book that fully goes into implementing security.
    Rating: 4 / 5

  5. Marcus Leech says:

    This book is a must for any IT manager, Security Officer, or even CIO, who wants to get inside the heads of hackers and industrial espionage agents. While the technical content is rather modest, the book provides something much more valuable. It gives you insight into the motivations and m.o. of script kiddies, hackers, and other denizens of the cybernetic dark side.
    Rating: 4 / 5
