By Cyrus Peikari, Anton Chuvakin
First Edition
January 2004
Pages: 552
ISBN 10: 0-596-00545-8 |
ISBN 13: 9780596005450
(Average of 3 Customer Reviews)
What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.
Full Description
Cover | Table of Contents | Colophon
Featured customer reviews
NLUG: Book Review - Security Warrior by Cyrus Peikari & Anton Chuvakin, December 16 2004
I enjoyed reading the Assembler and the reverse engineering section of the book. I didn't realize there are so many variants of x86 Assemblers. I thought it was brilliant to use the CD organizer as an analogy to program stack to explain the buffer overflow problem, The little HackMe challenge dramatizes the whole buffer overflow issue. It really sticks into reader's mind about how vulnerable our software industry stands today. However, I feel it fall short on the networking section, where the authors could have spent more time on explaining these evil hacking tools. There were no examples on how to use hping, for example. As far as I know, there are lot more evil packet injection tools out there worth mentioning, such as Nemesis, libnet, hping and packit. I was somewhat disappointed given that the authors said in the beginning (preface)this is an advanced security book that I would expect more on the networking side. However, on the positive note, the Log Analysis section is very valuable to system administrators because it provides a lot of good information. There is not a lot of literature out there spend time on explaining what log is, or what is being captured. In fact, log analysis is gaining popularity because it is used for security forensics where security professional tries to piece the evidence together. All in all, this is a very useful book for those who wants to have a survey of what is involved in the field of security incident handlers and/or intrusion detection.
Covers the spectrum well. Good reference., April 26 2004
This excellent, well-written book can be an enigma at times. The authors indicate that the material is for someone who has read on the subject before, although there is quite a bit of material geared more towards novices like myself. In other places I was defintely out of my depth, not having enough of a C/*Nix background to fully comprehend the material. The authors cover reverse engineering, network attacks, platform attacks, and defense/intrusion detection methods.
I very much liked the samples and references to existing tools, although they clearly indicate the possible criminal repercussions of using some of these tools/techniques. The samples provide invaluable insight and experience into learning the techniques, and how to thwart them, if it's possible at this time. The intrusion detection/defense material is split between information that would benefit everyone, including home pc users, and techniques more suited to professionals, such as advanced intrusion detection and network defense. This would be a very good second book on the subject, and barring any sudden changes in the security landscape, this book should hold it's value for some time to come.
Security Warrior Review, February 24 2004
This is one of the first book that talk about the fundamentals of reverse
engennering.It is true that you can find can all the books subjects on the net but for finding and understanding them you should waste a lot of time and effort (to seek different messageboard and reversers site). This book
has done the hard works for you and you can read everything classified and in great details. I recomend it for everyone interested in security and if you already know all the topic in this book I still recommend you to read this book
for a fast and well organized review.
Media reviews
"A very well written, comprehensive text that contains useful references, and details of software tools (and where they can be found). An essential resource for those responsible for information security."
--Major Keary, "PC Update," October 2004
"As in the case in the physical world, when providing computer security the optimal approach is to be proactive. Security Warrior is about taking such a preventive approach to computer predators...The vulnerabilities are clearly defined, but the book really shines when it provides detailed instructions on how systems can be protected. Security Warrior is written for advanced system administrators charged with network or system security. Corporate security professionals may be intimidated by the book, but they would do well to get a copy to the appropriate person in their organizations. That would be the proactive thing to do."
--Ben Rothke, Security Management, January 2005
"Overall, Security Warrior was quite an interesting read. I fully plan to take many concepts I have learned here and incorporate them into both current and future plans. If you want a detailed look at network security concepts, this book is a very solid starting point, before branching out into other works."
--Sean Smith, Dalhousie Student Chapter ACM, July 2005
