When you're about to read a book that has already reached its fourth edition, you know you're about to embark on an interesting journey. Since its debut in 1997, the Maximum Security series has reached a worldwide audience and has been translated into five languages. What does this edition bring? Read on to find out.
About the authors
The lead author of this book is Anonymous. He is an experienced computer hacker who specializes in testing the security of various networking platforms. He was convicted of a series of financial crimes in the late 1980s and now works as a writer, trainer, and security consultant.
There are quite a few contributing authors: Greg Shipley (CTO for Neohapsis), Jonathan Feldman (contributing editor with Network Computing magazine), Robert Blader (works at the Naval Surface Warfare Center), Chad Cook (has worked with network and operating system security), David Harley (maintains a number of virus and security related information resources), Joe Jenkins (system administrator/security consultant with NoWalls, Inc.), L.J. Locher (network administrator, programmer, and security consultant), Toby Miller (security engineer for Advanced Systems Development), Brooke Paul (information technology and security consultant), Nicholas Raba (expert on Macintosh security), and Gregory White (Vice President of professional services at SecureLogix).
Inside the book
We all know that security is not static but an ongoing process. A good security program has to be the result of careful planning. The first chapter of the book presents a brief overview of the essential components of an effective security program. The text helps you understand your enterprise's process model and evaluate its security posture. Also briefly explained are the identification of digital assets and their protection, the incident response policy, and the training of users and administrators. After all of this has been covered, we see a figure that depicts a fast-track cycle to an effective proactive security plan, along with other examples.
In case you are not paranoid enough, you will be after reading the chapter that follows. Here the author presents the present state of the net: a world at war. Governments are fighting for information and terrorists are using the Internet to plan attacks. The public has access to military-grade encryption and credit card fraud is way up. Any site can be cracked so no one is safe, including banks, airports and hospitals. Basically, things are getting more and more complicated and you have to try to keep up.
One of the most heated discussions that arises around security books is about the use of terms such as "hacker" and "cracker" in the appropriate context. This book presents a clear distinction between these terms, and the author doesn't make the mistake some other authors do. Crackers are bad, mkay? As an interesting note, the author refers to Kevin Mitnick as a cracker. Also presented here are the methodologies used to attack a network, as well as an overview of the SANS Top 20 vulnerabilities that can be exploited.
Implementing security measures is not enough. You have to keep up with what's happening in the security world to maintain a constant level of security. To help you achieve this, the author lists many sources: websites, mailing lists, newsgroups and so on. Although subscribing to many lists can clutter up your mailbox with a great deal of information, you should try to keep up. To make your life easier, the author offers some suggestions on what to do.
Internal security was a frequent topic last year. Disgruntled employees made it into the news after stealing information, disrupting services and committing other illegal acts. Naturally, this book also has a chapter dedicated to internal security that, even if rather short, provides valuable information. There are many things that can go wrong, so what's the worst? You have to identify the risks and get acquainted with the different types of employees. When it comes to physical security, there's a "dos" and "don'ts" list to make your job easier and your data more secure. Another issue that companies face is the difficulty of identifying problems when hiring new people. You'll find information about that, as well as about the problems related to content restriction.
What follows is a brief primer on TCP/IP. This chapter shows you what TCP/IP is and how it works. It also covers network-level and application-level protocols and mentions IPSec, IPv6 and VPNs. If you want more information on the subject, you'll find a variety of links you can use.
Moving on, you'll find information on spoofing attacks. Aside from a comprehensive explanation of how spoofing attacks work, we also find a myriad of utilities and links you can use to feed your desire for more information. The author recommends constantly keeping up with new advisories, since new spoofing attacks tend to emerge from time to time. Everything is presented very clearly, and by the end of the chapter you should have a clear understanding of spoofing attacks and how to prevent them.
Another hot topic these days is personal privacy. There's always something you can do to protect yourself while surfing online. We see what degrees of exposure there are and how we are exposed while web browsing. The author claims that your e-mail address can expose you to spying on Usenet, and he proves it by providing an extensive example.
The following chapter is something unique to this book: a text dedicated to dispelling some myths. The author notes that the extensive growth of the Internet has brought computer security directly into everyone's face. This has contributed to a growing number of hoaxes, myths and exaggerations about the risks you might face online. We see when attacks can occur and who the people behind them are. Here you find script kiddies, black hats and white hats. If you ever wondered whether there's a typical attack, whether someone gets targeted more frequently than others, or what the attackers' motives are, this is the place to get the answers.
When writing about firewalls, the author manages to provide the reader with a comprehensive text on the subject. Shown here, among other things, are the features found in firewall products, the pitfalls of firewalling, building firewalls in the real world and details on commercial firewalls.
Vulnerability assessment tools, popularly known as scanners, are the next topic. After a brief history of scanners we begin to learn how they work. To help you identify what scanner is right for you, the author shows you what to look for. Based on his experiences, the author recommends a few scanners and lists several others you should keep an eye out for.
Also important parts of the overall security architecture are intrusion detection systems and logging tools. You'll learn about network-based, host-based and anomaly-based intrusion detection systems. Your dilemma in choosing an IDS is going to be solved, at least in part. There's also some material on Snort and a list of intrusion detection products. When it comes to logging tools, you'll first see why logging is important, and then you'll be able to form a logging strategy. The author also notes the utmost importance of keeping logs if you want to make a case against a cracker one day.
One of the first lines of defense is passwords. The following chapter introduces you to the password cracking process. Many password crackers you can try out for yourself are mentioned. For all you Cisco users out there, there's also a part dedicated to cracking Cisco IOS passwords.
To identify potential areas of concern and analyze network traffic, you can use sniffers. The author examines both commercial and freeware sniffers, as both security risks and administration tools. You'll see what information you're able to capture with a sniffer, where to get one, and also how to detect and eliminate sniffers. There's also a list of commercial and freely available sniffers that will give you an idea of what's out there.
Next comes a chapter about a topic all of you have at least heard about: Denial of Service attacks. The author explains what DoS is and how it works. Explained in detail are e-mail bomb resource attacks and protocols, as well as both recent and historical DoS attacks.
Everybody has heard about computer viruses and worms. You may ask yourselves: who writes viruses, why and how? You'll find all the details in this chapter. A virus is, conceptually, a simple program. You'll learn how viruses work and how they can be classified into five main classes: boot sector infectors, file infectors, multipartite viruses, macro viruses and scripting viruses. We also see how worms work and we are presented with a list of antivirus utilities as well as a list of publications and websites.
Moving on, the author presents a menace that has been with us for almost as long as the computer: trojans. To start off, we see what trojans are and where they come from. Since trojans are difficult to detect using heuristic detection, they represent a moderate-to-serious level of risk, and sometimes they can lead to total system compromise. To detect trojans, the author mentions a few tools, including the popular Tripwire.
The following chapter discusses considerations for network architecture that enhance the security of the computing and network environment. The author writes about access devices, security devices, servers and systems, organization and layout. When it comes to the various threats there's an overview of external, internal and physical attacks. Explained are also the concepts of network separation and network isolation.
The following three chapters are dedicated to a comprehensive overview of Microsoft, Unix and Novell NetWare. There's a ton of information in these chapters that any administrator will find very valuable indeed. Perhaps one of the most important topics in the chapters on Microsoft and Unix is an overview of specific vulnerabilities. Windows users will be happy to know that there's also some information on Windows XP, although I was expecting more. Unix gets the most exposure, with a ton of nicely selected content including rootkits, secure shell, host network security, telnet, FTP, etc.
The book continues with a chapter dedicated to routers, switches and hubs. The focus here is on the configuration and deployment of secure equipment. As the author notes, he chose to focus on Cisco products since they are by far the most widely used.
What I was actually surprised to see in this book was a large chapter dedicated to Macintosh security. The author introduces Mac OS X, writes on how to establish the Mac as a server, mentions some vulnerabilities, and so on. There are many tools introduced in this chapter as well as antivirus solutions and web resources. If you're a Mac user, you'll find this chapter to be pure gold.
The author really did think of everything. I was trying to think of something that was not mentioned in this book, and I thought of security policies. Wrong! Chapter 25 deals with policies, procedures and enforcement, and will teach you the importance of security policies and how to use them. Programmers will also get something they can use, since chapter 26 deals with secure application development, languages and extensions. You'll learn about secure coding practices and other interesting tidbits on securing your applications.
The last chapter of this book deals with wireless security auditing. Surveillance, war driving, DoS, WEP cracking... is that a smile I see on your face? :) Yes, it's very interesting and well written. I can assure you it's a great read.
The CD-ROM that comes with this book contains security tools for various platforms, and all of them are also listed for your convenience in appendix D of the book. The author included a URL with every software title so you can check whether a new version has been released since the CD-ROM was published.
My 2 cents
What more can I really say after everything I've written above? I love this book. It is rather huge in size, but it delivers an equal amount of quality knowledge.
At the end of every chapter you'll find additional resources such as websites and books, which makes the book incredibly complete, as it points the reader in the right direction every single time. This is what makes it a great reference guide: keep it always close.