Halting the Hacker: A Book Review

 in
A good primer for people getting their security feet wet.

Title: Halting the Hacker, 2nd EditionAuthor: Donald PipkinISBN: 0130464163Publisher: Prentice Hall PTR

Halting the Hacker provides a good overview of Internet and system security issues, but it doesn't provide the in-depth analysis and step-by-step instructions that a more advanced sysadmin would like to have in a reference book. Though the book promises to provide detailed and in-depth knowledge, I believe it fell short of that target. This is not to say the book is without value or that it isn't a worthwhile endeavor for certain audiences. Simply put, better options are available for sysadmins, but this book certainly would be a viable choice for those beginning to explore the world of computer security.

The book is divided into four parts: "Understanding Hackers", "The Hacking Process", "Legal Recourse" and "Halting the Hacker". The book is about 350 pages and comes with a CD-ROM that reportedly contains the tools discussed in the book. I say reportedly because the CD-ROM in the book delivered to me was broken into tiny shards. This really was no great loss, as the CD-ROM is referenced only a few times in the text. In addition, I believe most people would opt to check for later versions of the software mentioned in the book rather than rely on those provided on the CD-ROM.

"Understanding Hackers" consists of four chapters that familiarize the reader with the stereotype, motives and mindset of the hacker. The information contained in part one of the book is fairly standard fare, easily available to anyone watching a decent documentary on the subject of hackers. A recent Discovery Channel treatise on the subject springs quickly to mind. Though the information is widely available, the book does provide many interesting real-world anecdotes throughout and should not be glossed over, if only for those anecdotes.

"The Hacking Process" does a good job of explaining the methodology of information gathering and exploitation typically used to gain access to a system and what could be done to lessen a hacker's chances. As is typical of the book, a few examples and commands are given but the bulk of the material is expositional in nature. I cannot emphasize enough that the quality of the exposition is well above average.

"Legal Resource" proved to be the part of the book most interesting to me. While it didn't deal with hackers, hacking or anti-hacking defenses, it did a great job of discussing the legalities and difficulties of prosecuting hackers. Special attention should be given to the chapter entitled "Improving Successful Prosecution". That chapter provided some simple and helpful tips on preserving evidence. This section of the book did not raise unnecessarily the readers' hopes of bringing errant hackers to justice. It plainly stated that the hopes of successfully prosecuting someone who breaks into your system are small at best. However, it did an excellent job of explaining the best ways to maximize those chances. This is the one section of the book that I felt would be helpful to an experienced sysadmin, who isn't already experienced at gathering evidence of a system break-in.

"Halting the Hacker", the final part of the book, didn't provide the depth of coverage necessary to the topic. Being more concerned with conceptual overviews, it fails to provide any realistic help to those looking to keep hackers out of their systems. Though 20 pages or so were positively brimming with commands and usage examples, they were mostly concerned with removing unnecessary software and services and checking file permissions. Various Internet FAQs and how-tos can provide this same information at a much cheaper price.

Halting the Hacker is very well written and provides an interesting read. It contains numerous real-world anecdotes that are well documented and prove to be informative and even amusing at times. It explains a wide range of security concepts and does so in simple, understandable language. I would recommend it to anyone starting out in a sysadmin career. I think it also would be a valuable asset in a cost justification scenario or as a primer for non-technical executives trying to gain some insight into the issues facing system administrators. Though it wouldn't serve as a hard-core technical reference, the book does shine in its ability to explain the key concepts behind system security.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Satellite tv technology

Melvyn's picture

Hi. The only way to get rid of a temptation is to yield to it.
I am from Emirates and too poorly know English, tell me right I wrote the following sentence: "Satellite tv, react for market satellite in the added range, which is all known in the philippines."

Best regards :(, Melvyn.

Re: Halting the Hacker: A Book Review

Anonymous's picture

Thomas Edison ! The ultimate hacker ! (Well, maybe Ben Franklin should have that honor). We don't wish to 'halt' (discourage) hacking - ever ! We wish to halt 'cracking'...yep - book should be reissued with new title...

Re: Halting the Hacker: A Book Review

Anonymous's picture

Totally agree with first post...anyone who's even been around free software or opensource software and the good folks working on it and with it for even a short amount of time and had their eyes and ears open would not even give the time of day to a book that used the term 'hacker' in this negative light. How did the reviewer also not take exception to the use of the term ? All hackers I have ever known are law-abiding, caring, intelligent individuals who HELP TO STOP crackers and their activities (the probable target of this book). This author can't have read the available information about hacking in general and in my mind, is completely clueless. Ergo, this book is worthless (begins, by title, from a false premise). I can't trust this author as a 'friend' of free software or in clearly understanding the "Hacker Ethic'.

If you want to "dig in" to information security issues - build yourself a 'foundation' first (BEFORE you go secure that network ! don't 'snap in' that RJ45 until you do !) - try Applied Cryptography (Bruce Schneier), for one. There are other good sources as well. Get Gooleing... Yes, it may be slow reading but, get used to it...information security, at the core, IS difficult to grasp AND implement well. It's a fact of network life at the moment.

Lastly - don't litigate - employ ! Better you nurture/turn a 'cracker' to 'hacker', than create meaningless make-work for lawyers...

The Apollo 13 'rescue' was a very famous 'hack', for a classic example, of what the hacker ethic can do at its very best - SAVE lives ! (not the opposite). Hacking is a 'creative' energy, not a destructive one. Sigh...

Book Price Comparison

Anonymous's picture

Check out http://www.aaabooksearch.com, an easy to use free service to find cheap book prices.

Re: Halting the Hacker: A Book Review

Anonymous's picture

Hi.

I was the reviewer. I did not take exception to the term hacker for a very simple reason. Most people don't bother to make the that particular distinction any longer. You are 100% correct that there is a difference between hacker and cracker, but most people (including the author, apparently) don't know the difference, nor do they particularly care to learn of the difference. The purpose of the review wasn't to educate the teeming masses or engage in a philosophical debate, it was to advise the reader of the strengths and weaknesses of the book itself.

Sincerely,
Ron Powell

Re: Halting the Hacker: A Book Review

Anonymous's picture

ROTFL

hacker != cracker

hacker = Linus Torvalds, Alan Cox, etc.
cracker = bad guys on internet

Resource:

ESR: http://catb.org/~esr/faqs/hacker-howto.html

The right title:

Halting the Cracker: A Book Review

!!

Re: Halting the Hacker: A Book Review

Anonymous's picture

Halting the Cracker

For some reason this brings to mind the phrase "Stop right there, Whitey."

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix