Halting the Hacker: A Book Review

 in
A good primer for people getting their security feet wet.

Title: Halting the Hacker, 2nd EditionAuthor: Donald PipkinISBN: 0130464163Publisher: Prentice Hall PTR

Halting the Hacker provides a good overview of Internet and system security issues, but it doesn't provide the in-depth analysis and step-by-step instructions that a more advanced sysadmin would like to have in a reference book. Though the book promises to provide detailed and in-depth knowledge, I believe it fell short of that target. This is not to say the book is without value or that it isn't a worthwhile endeavor for certain audiences. Simply put, better options are available for sysadmins, but this book certainly would be a viable choice for those beginning to explore the world of computer security.

The book is divided into four parts: "Understanding Hackers", "The Hacking Process", "Legal Recourse" and "Halting the Hacker". The book is about 350 pages and comes with a CD-ROM that reportedly contains the tools discussed in the book. I say reportedly because the CD-ROM in the book delivered to me was broken into tiny shards. This really was no great loss, as the CD-ROM is referenced only a few times in the text. In addition, I believe most people would opt to check for later versions of the software mentioned in the book rather than rely on those provided on the CD-ROM.

"Understanding Hackers" consists of four chapters that familiarize the reader with the stereotype, motives and mindset of the hacker. The information contained in part one of the book is fairly standard fare, easily available to anyone watching a decent documentary on the subject of hackers. A recent Discovery Channel treatise on the subject springs quickly to mind. Though the information is widely available, the book does provide many interesting real-world anecdotes throughout and should not be glossed over, if only for those anecdotes.

"The Hacking Process" does a good job of explaining the methodology of information gathering and exploitation typically used to gain access to a system and what could be done to lessen a hacker's chances. As is typical of the book, a few examples and commands are given but the bulk of the material is expositional in nature. I cannot emphasize enough that the quality of the exposition is well above average.

"Legal Resource" proved to be the part of the book most interesting to me. While it didn't deal with hackers, hacking or anti-hacking defenses, it did a great job of discussing the legalities and difficulties of prosecuting hackers. Special attention should be given to the chapter entitled "Improving Successful Prosecution". That chapter provided some simple and helpful tips on preserving evidence. This section of the book did not raise unnecessarily the readers' hopes of bringing errant hackers to justice. It plainly stated that the hopes of successfully prosecuting someone who breaks into your system are small at best. However, it did an excellent job of explaining the best ways to maximize those chances. This is the one section of the book that I felt would be helpful to an experienced sysadmin, who isn't already experienced at gathering evidence of a system break-in.

"Halting the Hacker", the final part of the book, didn't provide the depth of coverage necessary to the topic. Being more concerned with conceptual overviews, it fails to provide any realistic help to those looking to keep hackers out of their systems. Though 20 pages or so were positively brimming with commands and usage examples, they were mostly concerned with removing unnecessary software and services and checking file permissions. Various Internet FAQs and how-tos can provide this same information at a much cheaper price.

Halting the Hacker is very well written and provides an interesting read. It contains numerous real-world anecdotes that are well documented and prove to be informative and even amusing at times. It explains a wide range of security concepts and does so in simple, understandable language. I would recommend it to anyone starting out in a sysadmin career. I think it also would be a valuable asset in a cost justification scenario or as a primer for non-technical executives trying to gain some insight into the issues facing system administrators. Though it wouldn't serve as a hard-core technical reference, the book does shine in its ability to explain the key concepts behind system security.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Satellite tv technology

Melvyn's picture

Hi. The only way to get rid of a temptation is to yield to it.
I am from Emirates and too poorly know English, tell me right I wrote the following sentence: "Satellite tv, react for market satellite in the added range, which is all known in the philippines."

Best regards :(, Melvyn.

Re: Halting the Hacker: A Book Review

Anonymous's picture

Thomas Edison ! The ultimate hacker ! (Well, maybe Ben Franklin should have that honor). We don't wish to 'halt' (discourage) hacking - ever ! We wish to halt 'cracking'...yep - book should be reissued with new title...

Re: Halting the Hacker: A Book Review

Anonymous's picture

Totally agree with first post...anyone who's even been around free software or opensource software and the good folks working on it and with it for even a short amount of time and had their eyes and ears open would not even give the time of day to a book that used the term 'hacker' in this negative light. How did the reviewer also not take exception to the use of the term ? All hackers I have ever known are law-abiding, caring, intelligent individuals who HELP TO STOP crackers and their activities (the probable target of this book). This author can't have read the available information about hacking in general and in my mind, is completely clueless. Ergo, this book is worthless (begins, by title, from a false premise). I can't trust this author as a 'friend' of free software or in clearly understanding the "Hacker Ethic'.

If you want to "dig in" to information security issues - build yourself a 'foundation' first (BEFORE you go secure that network ! don't 'snap in' that RJ45 until you do !) - try Applied Cryptography (Bruce Schneier), for one. There are other good sources as well. Get Gooleing... Yes, it may be slow reading but, get used to it...information security, at the core, IS difficult to grasp AND implement well. It's a fact of network life at the moment.

Lastly - don't litigate - employ ! Better you nurture/turn a 'cracker' to 'hacker', than create meaningless make-work for lawyers...

The Apollo 13 'rescue' was a very famous 'hack', for a classic example, of what the hacker ethic can do at its very best - SAVE lives ! (not the opposite). Hacking is a 'creative' energy, not a destructive one. Sigh...

Book Price Comparison

Anonymous's picture

Check out http://www.aaabooksearch.com, an easy to use free service to find cheap book prices.

Re: Halting the Hacker: A Book Review

Anonymous's picture

Hi.

I was the reviewer. I did not take exception to the term hacker for a very simple reason. Most people don't bother to make the that particular distinction any longer. You are 100% correct that there is a difference between hacker and cracker, but most people (including the author, apparently) don't know the difference, nor do they particularly care to learn of the difference. The purpose of the review wasn't to educate the teeming masses or engage in a philosophical debate, it was to advise the reader of the strengths and weaknesses of the book itself.

Sincerely,
Ron Powell

Re: Halting the Hacker: A Book Review

Anonymous's picture

ROTFL

hacker != cracker

hacker = Linus Torvalds, Alan Cox, etc.
cracker = bad guys on internet

Resource:

ESR: http://catb.org/~esr/faqs/hacker-howto.html

The right title:

Halting the Cracker: A Book Review

!!

Re: Halting the Hacker: A Book Review

Anonymous's picture

Halting the Cracker

For some reason this brings to mind the phrase "Stop right there, Whitey."

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState