Halting the Hacker: A Book Review
Title: Halting the Hacker, 2nd EditionAuthor: Donald PipkinISBN: 0130464163Publisher: Prentice Hall PTR
Halting the Hacker provides a good overview of Internet and system security issues, but it doesn't provide the in-depth analysis and step-by-step instructions that a more advanced sysadmin would like to have in a reference book. Though the book promises to provide detailed and in-depth knowledge, I believe it fell short of that target. This is not to say the book is without value or that it isn't a worthwhile endeavor for certain audiences. Simply put, better options are available for sysadmins, but this book certainly would be a viable choice for those beginning to explore the world of computer security.
The book is divided into four parts: "Understanding Hackers", "The Hacking Process", "Legal Recourse" and "Halting the Hacker". The book is about 350 pages and comes with a CD-ROM that reportedly contains the tools discussed in the book. I say reportedly because the CD-ROM in the book delivered to me was broken into tiny shards. This really was no great loss, as the CD-ROM is referenced only a few times in the text. In addition, I believe most people would opt to check for later versions of the software mentioned in the book rather than rely on those provided on the CD-ROM.
"Understanding Hackers" consists of four chapters that familiarize the reader with the stereotype, motives and mindset of the hacker. The information contained in part one of the book is fairly standard fare, easily available to anyone watching a decent documentary on the subject of hackers. A recent Discovery Channel treatise on the subject springs quickly to mind. Though the information is widely available, the book does provide many interesting real-world anecdotes throughout and should not be glossed over, if only for those anecdotes.
"The Hacking Process" does a good job of explaining the methodology of information gathering and exploitation typically used to gain access to a system and what could be done to lessen a hacker's chances. As is typical of the book, a few examples and commands are given but the bulk of the material is expositional in nature. I cannot emphasize enough that the quality of the exposition is well above average.
"Legal Resource" proved to be the part of the book most interesting to me. While it didn't deal with hackers, hacking or anti-hacking defenses, it did a great job of discussing the legalities and difficulties of prosecuting hackers. Special attention should be given to the chapter entitled "Improving Successful Prosecution". That chapter provided some simple and helpful tips on preserving evidence. This section of the book did not raise unnecessarily the readers' hopes of bringing errant hackers to justice. It plainly stated that the hopes of successfully prosecuting someone who breaks into your system are small at best. However, it did an excellent job of explaining the best ways to maximize those chances. This is the one section of the book that I felt would be helpful to an experienced sysadmin, who isn't already experienced at gathering evidence of a system break-in.
"Halting the Hacker", the final part of the book, didn't provide the depth of coverage necessary to the topic. Being more concerned with conceptual overviews, it fails to provide any realistic help to those looking to keep hackers out of their systems. Though 20 pages or so were positively brimming with commands and usage examples, they were mostly concerned with removing unnecessary software and services and checking file permissions. Various Internet FAQs and how-tos can provide this same information at a much cheaper price.
Halting the Hacker is very well written and provides an interesting read. It contains numerous real-world anecdotes that are well documented and prove to be informative and even amusing at times. It explains a wide range of security concepts and does so in simple, understandable language. I would recommend it to anyone starting out in a sysadmin career. I think it also would be a valuable asset in a cost justification scenario or as a primer for non-technical executives trying to gain some insight into the issues facing system administrators. Though it wouldn't serve as a hard-core technical reference, the book does shine in its ability to explain the key concepts behind system security.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Peppermint 7 Released
- Client-Side Performance
- Sony Settles in Linux Battle
- Libarchive Security Flaw Discovered
- Maru OS Brings Debian to Your Phone
- Profiles and RC Files
- The Giant Zero, Part 0.x
- Snappy Moves to New Platforms
- Git 2.9 Released
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide