 |
Honey can I hack ya?
Apr 05 '02 (Updated Apr 05 '02)
Author's Product Rating
Pros
Completely organized, well-written, complete, and as up to date as possible.
Cons
bad hackers can read it too, would have liked more case studies.
The Bottom Line
Hacking Linux Exposed is a book no Linux system administrator should be without.
|
|
|
|
Full Review |
|
|
|
If you have a vulnerable computer attached to the BIG BAD INTERNET,
sooner or later your box will be compromised. Notice I prefer the
term compromised to hacked. Hacking is a benign activity. You hack
out of curiosity and [hopefully] with prior permission. Can this be
done? Can I get into this box? How is he trying to keep me out? What
stone has he left unturned? Woops: He has a bulletproof firewall but
he left this one vulnerable cgi script in his httpd directory: HA!
I'M IN! At that point the correct thing to do is to stop and notify
the hackee. But once a hacker gets in, (especially if he is there
without permission) the temptation to quietly mess around and cover his
guilty tracks is usually overwhelming. Then it has gone from hacking
to compromising someone else's box.
You may ask: why hack? when everybody has their own box nowadays.
I think it's for the challenge. Hacking is very similar to playing
Riven or similar computer games where you gather information and use it
to achieve a goal [usually root access in a Linux box.] But, after
they root you, they may want to use your box at the very least as a
free playground, and at the very worst, to steal your data or try to
frame you for an attack on some other network.
If you don't mind contributing to the poor underprivileged script
kiddies' Mbps fund, or having your hard drive scanned and changed at
the whim of an adolescent, don't worry about security.
Otherwise, if you have a Linux box, read this book!! If you
have a Windows box, you might want to skim it as well. Some of the
cracks it discusses are launched from Linux space, but they can work in
any network space. The same authors also have a Hacking Exposed title
which is centered on Windows. I hope to review it soon.
The book is organized into five major sections--thirteen chapters and four appendices. The major sections are:
I. Locking into Linux: Provides a security overview, outlines
proactive measures you can take to secure your box, disaster recovery
procedures, and how to identify other types of vulnerabilities.
II. Getting in from the Outside: This is the type of compromise
people fear the most: It discusses social engineering, physical access
cracks, breaking in over the network, and network abuse.
III. Local User attacks: Discusses how a local and at least
somewhat trusted user can jack up their status to do things they're not
supposed to, password cracking, and backdoors, since once a cracker
breaks in from outside, the first thing he or she does is make
him/herself a highly privileged local user and install hidden
playgrounds for him or herself.
IV. Server Security: How crackers abuse email and web servers in particular, and how to configure Linux firewalls to nip them in the bud.
V. Appendices: Mainly a reference section on where to go for
patches, but the last appendix is a series of three case studies. I
found the case studies in particular very interesting!!!
This book covers all the bases and goes into just the right amount
of depth. It assumes some familiarity with CLI Linux. It gives you a
basic understanding of each cracking technique with examples whenever
possible. If the size or complexity of the example would be too
voluminous, they refer you to the web where you can read the whole
thing. All the websites I have referred to from this book so far have
been up-to-date. The writing style is head and shoulders better than a
lot of technical books I own.
Three warnings: These are things I had already heard, but after reading this book it is totally stark:
NEVER use telnet or FTP! It's child's play to sniff these
and there are encrypted alternatives that are just as easy to use.
NEVER trust anything coming into you from the web! It's also child play to put hacks into web form data.
NEVER tell anyone anything they don't need to know, such as
hostnames, user names, tel no's, type of hardware, network layouts, IP
numbers, database schemata, or what type of firewall you use. You
may think this stuff is benign but a skilled hacker can use it against
you.
So far I have hacked all the workstations on my own LAN. I have
also discovered vulnerabilities on two external networks that I own as
if I were an outsider (i.e. not using the admin password or internal
knowledge)
I have hacked two friends with permission (one running Windows).
Both of these friends were happy that it was I who found their Achilles
heel and not some seventeen year old in Singapore.
[Disclaimer: This book is freely available. As with any tool, it
can be abused. An axe can be used to split firewood, or for an axe
murder. This book can be used constructively or otherwise. It is
powerful stuff. Some of the things in it could easily land you in
MAJOR hot water, as in hard time -- lots of it, and banning from
computers. You have been warned.]
Recommended
Yes
 Return to top
Back to all reviews
|
|
|
|
Comments on this Review |
|
|
|
|
Read all comments (2)
Write your own comment
|
|
|
|
|
Epinions.com ID:
platypus55
|
Member: Colleen
Location: Pacific Northwest
Reviews written: 91
Trusted by: 73 members
"You have no mass appeal, Colleen. Only the intelligent will 'get it.'" Dang.
|
|
