Review of Security Warrior

Submitted by Patrick on Sun, 10/29/2006 - 8:49pm.

Reviewed By: Patrick Grote
Date: February 23, 2004
Section: Book Reviews
Publisher: O'Reilly Books
Authors: Cyrus Peikari and Anton Chuvakin
Pages: 531
Retail Price: $44.95
Dot Journal Buy It Now Price: $31.47

O'Reilly is known for its all-encompassing technical books. Typically they are adorned with pictures, engravings really, of animals. Sometimes offbeat, sometimes not, this book features a group of sumo wrestlers in intimidating poses. You know you're in for a good read when the book starts off by quoting a samurai warrior. And that is what this book does. It teaches you that the only way to protect yourself is to know your attacker. Through this you'll learn your vulnerabilities.

In the voluminous 513 pages you'll find that the book is broken down into 22 chapters. That may sound daunting, but it's not. The chapters are arranged logically and flow well. As an example, the beginning chapters deal with software, followed by sections on networks, platforms and then defense. This allows the reader to follow the natural progression of attack prevention. Very good idea.

There are two things that stand out when reading this book. First, you don't just have the authors' knowledge to draw upon. Each chapter ends with a list of references that typically have associated URLs. This is a fantastic idea for those who want to follow up on certain aspects of the material. Using the references ensures that not only do you have the knowledge you need, but you have access to further, timely information.

The second thing that stands out is the book's use of two icons. With an animal track signifying tips or notes and a bear trap signifying warnings, your eye is drawn to the information that is important.

The information is provided like I imagine the Secret Service trains its agents. You're walked through all the ins and outs of a would-be hacker on your system. The chapter on overflow attacks really brings this to bear. Starting with a simple explanation of overflow attacks and how they occur, the chapter winds through an explanation of buffers, "smashing the stack" and heap overflows. Each topic is discussed as if you had a solid technical background, but need to understand the security aspects of issues. This is good, since many books like this talk down to you by using terms and ideas that only a PhD can understand.

Another great read is the section on honeypots. I understand the idea behind honeypots, but never knew all the uses for them. Simply stated, a honeypot is a system designed and created to attract hackers. Think of it as a bear stalking the honey of bees. The bear is going to get that honey no matter what, but it provides an opportunity for you to watch and observe the bear. This is exactly what the system is designed to do: allow you to watch and observe the hacker.

Rather than sitting on a simple definition, the authors demonstrate the honeypot process with a very simple, yet profound diagram. It really ties your understanding together. They then continue to explain how to set up a honeypot system and what steps to take to ensure that you can watch the data as the hackers come.

Regardless of your level of technical knowledge, this book is one of a kind. Security Warrior gets your game face on with the ideas, explanations and tools needed to understand your enemy. It doesn't just pull back the sheets, it turns the bed upside down.

