Security Warrior by Cyrus Peikari and Anton Chuvakin
Security Warrior is, indeed, a dangerous book. Not so much for the specific tools and techniques it presents, as all of them can be found on the Internet, but because the book collects all this information in one convenient, easy-to-read volume. With a subtitle of “Know Your Enemy”, this book provides a powerful compilation of attacks against software, networks and individual systems.
Given that hundreds of security books are out there, I was a bit skeptical this one would live up to its claim of being so different. However, as soon as you enter the first section, “Software Cracking”, you know you are in for a different ride. After a quick refresher on assembly language, this section covers how to reverse engineer software in Windows, Linux and Windows CE, with the focus on how to crack malware such as viruses or spyware. I personally found this section a bit slow-going, but I did learn a good bit from it. I especially found the text on overflow attacks quite relevant, given the large number of such attacks around today.
For me, the book really hit its stride in the second section, “Network Stalking”. After a brief review of basic TCP/IP attacks and tools, the text dives into active and passive reconnaissance, OS fingerprinting and hiding an attack. Chapter 7, on social engineering, seems a bit out of place in this section, but it is an interesting read nonetheless. In later sections, I enjoyed the well-written chapters on hardening UNIX/Linux systems and UNIX/Linux attacks, which include information about breaking out of chroot jails that I hadn't seen in other security books.
My only minor complaint about the book is the editing is a little uneven. Most sections are well done, but in a few cases there are references to topics that “would be covered later” but never are. In another case, I felt there was unnecessary duplication of information. Overall, I found this book to be a strong text with a refreshingly different spin on computer/network security. If you are responsible for system or network security, Security Warrior is definitely worth reading.
Special Reports: DevOps
Have projects in development that need help? Have a great development operation in place that can ALWAYS be better? Regardless of where you are in your DevOps process, Linux Journal can help!
With deep focus on Collaborative Development, Continuous Testing and Release & Deployment, we offer here the DEFINITIVE DevOps for Dummies, a mobile Application Development Primer, advice & help from the experts, plus a host of other books, videos, podcasts and more. All free with a quick, one-time registration. Start browsing now...
- Vigilante Malware
- Disney's Linux Light Bulbs (Not a "Luxo Jr." Reboot)
- Vagrant Simplified
- Libreboot on an X60, Part I: the Setup
- Bluetooth Hacks
- System Status as SMS Text Messages
- Dealing with Boundary Issues
- Non-Linux FOSS: Code Your Way To Victory!
- October 2015 Issue of Linux Journal: Raspberry Pi
- New Products