Halting the Hacker: A Book Review
Title: Halting the Hacker, 2nd EditionAuthor: Donald PipkinISBN: 0130464163Publisher: Prentice Hall PTR
Halting the Hacker provides a good overview of Internet and system security issues, but it doesn't provide the in-depth analysis and step-by-step instructions that a more advanced sysadmin would like to have in a reference book. Though the book promises to provide detailed and in-depth knowledge, I believe it fell short of that target. This is not to say the book is without value or that it isn't a worthwhile endeavor for certain audiences. Simply put, better options are available for sysadmins, but this book certainly would be a viable choice for those beginning to explore the world of computer security.
The book is divided into four parts: "Understanding Hackers", "The Hacking Process", "Legal Recourse" and "Halting the Hacker". The book is about 350 pages and comes with a CD-ROM that reportedly contains the tools discussed in the book. I say reportedly because the CD-ROM in the book delivered to me was broken into tiny shards. This really was no great loss, as the CD-ROM is referenced only a few times in the text. In addition, I believe most people would opt to check for later versions of the software mentioned in the book rather than rely on those provided on the CD-ROM.
"Understanding Hackers" consists of four chapters that familiarize the reader with the stereotype, motives and mindset of the hacker. The information contained in part one of the book is fairly standard fare, easily available to anyone watching a decent documentary on the subject of hackers. A recent Discovery Channel treatise on the subject springs quickly to mind. Though the information is widely available, the book does provide many interesting real-world anecdotes throughout and should not be glossed over, if only for those anecdotes.
"The Hacking Process" does a good job of explaining the methodology of information gathering and exploitation typically used to gain access to a system and what could be done to lessen a hacker's chances. As is typical of the book, a few examples and commands are given but the bulk of the material is expositional in nature. I cannot emphasize enough that the quality of the exposition is well above average.
"Legal Resource" proved to be the part of the book most interesting to me. While it didn't deal with hackers, hacking or anti-hacking defenses, it did a great job of discussing the legalities and difficulties of prosecuting hackers. Special attention should be given to the chapter entitled "Improving Successful Prosecution". That chapter provided some simple and helpful tips on preserving evidence. This section of the book did not raise unnecessarily the readers' hopes of bringing errant hackers to justice. It plainly stated that the hopes of successfully prosecuting someone who breaks into your system are small at best. However, it did an excellent job of explaining the best ways to maximize those chances. This is the one section of the book that I felt would be helpful to an experienced sysadmin, who isn't already experienced at gathering evidence of a system break-in.
"Halting the Hacker", the final part of the book, didn't provide the depth of coverage necessary to the topic. Being more concerned with conceptual overviews, it fails to provide any realistic help to those looking to keep hackers out of their systems. Though 20 pages or so were positively brimming with commands and usage examples, they were mostly concerned with removing unnecessary software and services and checking file permissions. Various Internet FAQs and how-tos can provide this same information at a much cheaper price.
Halting the Hacker is very well written and provides an interesting read. It contains numerous real-world anecdotes that are well documented and prove to be informative and even amusing at times. It explains a wide range of security concepts and does so in simple, understandable language. I would recommend it to anyone starting out in a sysadmin career. I think it also would be a valuable asset in a cost justification scenario or as a primer for non-technical executives trying to gain some insight into the issues facing system administrators. Though it wouldn't serve as a hard-core technical reference, the book does shine in its ability to explain the key concepts behind system security.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- Stunnel Security for Oracle
- The Firebird Project's Firebird Relational Database
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- SUSE LLC's SUSE Manager
- Managing Linux Using Puppet
- My +1 Sword of Productivity
- Non-Linux FOSS: Caffeine!
- Google's SwiftShader Released
- Doing for User Space What We Did for Kernel Space
- SuperTuxKart 0.9.2 Released
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide