May Contain Blueberries

the sometimes journal of Jeremy Beker


“Be afraid. Be very afraid.”

If there is one motto to be taken from this book, that is it. Security Warrior takes a new track from most security books, the view of the attacker. How and what they do are explained in detail, from reverse code engineering to methods of avoiding intrusion detection systems. As a systems administrator, part of me wants to just go and unplug all my servers after reading this book.

Far from an introductory book, the authors assume you are already familiar with the concepts of securing servers and networks on the internet (familiarity possibly gained from books like Practical Unix and Internet Security). The first half of the book covers attack methods and then switches to defense methods for the remainder.

The authors provide detailed and up-to-date information regarding program disassembly for the purpose of patching as well as for determining possibilities for buffer and heap overflows. Methods and tools are discussed for Windows, Linux, and Windows CE. This is heavy stuff; you will need to be at least passingly familiar with assembly language and computer architecture to make sense of what they are discussing. They move on to cover network attacks, beginning with reconnaissance techniques, firewall and IDS avoidance, and hiding your tracks. I found the discussion of some of the most modern tools very impressive; not only did they discuss TCP stack fingerprinting, they mentioned the latest developments in non-static and passive OS detection tools.

In the last “attacker” section of the book, they discuss specific vulnerabilities in many services, including topics such as Active Directory hacks (extending even into the weaknesses of smart card technology). General web attacks like SQL injection and parameter checking problems are discussed as well as the deficiencies present in most wireless ethernet implementations.

After scaring the daylights out of you in the first part of the book, the authors proceed to the defensive topics. They cover the general topic of logging adequate information and dealing with logs from multiple sources. Alternate syslog implementations are discussed that provide more flexibility than the standard toolsets. For networks in general, intrusion detection systems are discussed using Snort as the example tool. Honeypots are also described in brief. Computer forensics is covered, as well as the techniques that are used to destroy electronic evidence.

I felt this was an excellent book. It is definitely an advanced book, but it is a welcome relief for people who are experienced in computer security and want something that pushes the edge.