Loading
Halting the Hacker: A Book Review
A good primer for people getting their security feet wet.
Title: Halting the Hacker, 2nd EditionAuthor: Donald PipkinISBN: 0130464163Publisher: Prentice Hall PTR
Halting the Hacker provides a good overview of Internet and system security issues, but it doesn't provide the in-depth analysis and step-by-step instructions that a more advanced sysadmin would like to have in a reference book. Though the book promises to provide detailed and in-depth knowledge, I believe it fell short of that target. This is not to say the book is without value or that it isn't a worthwhile endeavor for certain audiences. Simply put, better options are available for sysadmins, but this book certainly would be a viable choice for those beginning to explore the world of computer security.
The book is divided into four parts: "Understanding Hackers", "The Hacking Process", "Legal Recourse" and "Halting the Hacker". The book is about 350 pages and comes with a CD-ROM that reportedly contains the tools discussed in the book. I say reportedly because the CD-ROM in the book delivered to me was broken into tiny shards. This really was no great loss, as the CD-ROM is referenced only a few times in the text. In addition, I believe most people would opt to check for later versions of the software mentioned in the book rather than rely on those provided on the CD-ROM.
"Understanding Hackers" consists of four chapters that familiarize the reader with the stereotype, motives and mindset of the hacker. The information contained in part one of the book is fairly standard fare, easily available to anyone watching a decent documentary on the subject of hackers. A recent Discovery Channel treatise on the subject springs quickly to mind. Though the information is widely available, the book does provide many interesting real-world anecdotes throughout and should not be glossed over, if only for those anecdotes.
"The Hacking Process" does a good job of explaining the methodology of information gathering and exploitation typically used to gain access to a system and what could be done to lessen a hacker's chances. As is typical of the book, a few examples and commands are given but the bulk of the material is expositional in nature. I cannot emphasize enough that the quality of the exposition is well above average.
"Legal Resource" proved to be the part of the book most interesting to me. While it didn't deal with hackers, hacking or anti-hacking defenses, it did a great job of discussing the legalities and difficulties of prosecuting hackers. Special attention should be given to the chapter entitled "Improving Successful Prosecution". That chapter provided some simple and helpful tips on preserving evidence. This section of the book did not raise unnecessarily the readers' hopes of bringing errant hackers to justice. It plainly stated that the hopes of successfully prosecuting someone who breaks into your system are small at best. However, it did an excellent job of explaining the best ways to maximize those chances. This is the one section of the book that I felt would be helpful to an experienced sysadmin, who isn't already experienced at gathering evidence of a system break-in.
"Halting the Hacker", the final part of the book, didn't provide the depth of coverage necessary to the topic. Being more concerned with conceptual overviews, it fails to provide any realistic help to those looking to keep hackers out of their systems. Though 20 pages or so were positively brimming with commands and usage examples, they were mostly concerned with removing unnecessary software and services and checking file permissions. Various Internet FAQs and how-tos can provide this same information at a much cheaper price.
Halting the Hacker is very well written and provides an interesting read. It contains numerous real-world anecdotes that are well documented and prove to be informative and even amusing at times. It explains a wide range of security concepts and does so in simple, understandable language. I would recommend it to anyone starting out in a sysadmin career. I think it also would be a valuable asset in a cost justification scenario or as a primer for non-technical executives trying to gain some insight into the issues facing system administrators. Though it wouldn't serve as a hard-core technical reference, the book does shine in its ability to explain the key concepts behind system security.
______________________
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- RSS Feeds
- Dynamic DNS—an Object Lesson in Problem Solving
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- Designing Electronics with Linux
- A Topic for Discussion - Open Source Feature-Richness?
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Validate an E-Mail Address with PHP, the Right Way
- What's the tweeting protocol?
- Kernel Problem
2 hours 52 min ago - BASH script to log IPs on public web server
7 hours 19 min ago - DynDNS
10 hours 54 min ago - Reply to comment | Linux Journal
11 hours 27 min ago - All the articles you talked
13 hours 50 min ago - All the articles you talked
13 hours 53 min ago - All the articles you talked
13 hours 55 min ago - myip
18 hours 19 min ago - Keeping track of IP address
20 hours 10 min ago - Roll your own dynamic dns
1 day 1 hour ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Developer Poll
Comments
Satellite tv technology
Hi. The only way to get rid of a temptation is to yield to it.
I am from Emirates and too poorly know English, tell me right I wrote the following sentence: "Satellite tv, react for market satellite in the added range, which is all known in the philippines."
Best regards :(, Melvyn.
Re: Halting the Hacker: A Book Review
Thomas Edison ! The ultimate hacker ! (Well, maybe Ben Franklin should have that honor). We don't wish to 'halt' (discourage) hacking - ever ! We wish to halt 'cracking'...yep - book should be reissued with new title...
Re: Halting the Hacker: A Book Review
Totally agree with first post...anyone who's even been around free software or opensource software and the good folks working on it and with it for even a short amount of time and had their eyes and ears open would not even give the time of day to a book that used the term 'hacker' in this negative light. How did the reviewer also not take exception to the use of the term ? All hackers I have ever known are law-abiding, caring, intelligent individuals who HELP TO STOP crackers and their activities (the probable target of this book). This author can't have read the available information about hacking in general and in my mind, is completely clueless. Ergo, this book is worthless (begins, by title, from a false premise). I can't trust this author as a 'friend' of free software or in clearly understanding the "Hacker Ethic'.
If you want to "dig in" to information security issues - build yourself a 'foundation' first (BEFORE you go secure that network ! don't 'snap in' that RJ45 until you do !) - try Applied Cryptography (Bruce Schneier), for one. There are other good sources as well. Get Gooleing... Yes, it may be slow reading but, get used to it...information security, at the core, IS difficult to grasp AND implement well. It's a fact of network life at the moment.
Lastly - don't litigate - employ ! Better you nurture/turn a 'cracker' to 'hacker', than create meaningless make-work for lawyers...
The Apollo 13 'rescue' was a very famous 'hack', for a classic example, of what the hacker ethic can do at its very best - SAVE lives ! (not the opposite). Hacking is a 'creative' energy, not a destructive one. Sigh...
Book Price Comparison
Check out http://www.aaabooksearch.com, an easy to use free service to find cheap book prices.
Re: Halting the Hacker: A Book Review
Hi.
I was the reviewer. I did not take exception to the term hacker for a very simple reason. Most people don't bother to make the that particular distinction any longer. You are 100% correct that there is a difference between hacker and cracker, but most people (including the author, apparently) don't know the difference, nor do they particularly care to learn of the difference. The purpose of the review wasn't to educate the teeming masses or engage in a philosophical debate, it was to advise the reader of the strengths and weaknesses of the book itself.
Sincerely,
Ron Powell
Re: Halting the Hacker: A Book Review
ROTFL
hacker != cracker
hacker = Linus Torvalds, Alan Cox, etc.
cracker = bad guys on internet
Resource:
ESR: http://catb.org/~esr/faqs/hacker-howto.html
The right title:
Halting the Cracker: A Book Review
!!
Re: Halting the Hacker: A Book Review
Halting the Cracker
For some reason this brings to mind the phrase "Stop right there, Whitey."