Sebastopol, CA--What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? A new book from O'Reilly Media, Security Power Tools, ($59.99), lets you do exactly that. In it, members of the Juniper Networks' Security Engineering team along with a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.
Their effort culminates as twenty-three cross-referenced chapters that cover the best security tools on the planet for both black hat techniques and white hat defense tactics. "Security Power Tools" is packed with their tips, tricks, and general how-to advice about an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits.
While many tech books are authored by groups of programmers and engineers, few are ever completed by an entire department. Avishai Avivi, Manager of Juniper Network Security Engineering team, and overseer of the book writing process writes, "When we were approached to write this book, I had some mixed feelings about the effort and time it would take...My groupís knowledge of these tools comes through years of working and applying them."
The book also contains three chapters written by two security experts outside of the Juniper Networks Security Engineering team: Philippe Biondi, who is well known for his work on exploits, and a fascinating introductory chapter on Ethics and the Law, written by Stanford University's Jennifer Statis Grannick.
The book is divided into six main technical sections:
- Reconnaissance--including tools for network scanning such as nmap, vulnerability scanning tools for Windows and Linux, LAN reconnaissance, tools to help with wireless reconnaissance, and custom packet generation.
- Penetration--such as the Metasploit framework for automated penetration of remote computers, tools to find wireless networks, exploitation framework applications, and tricks and tools to manipulate shellcodes.
- Control--includes the configuration of several tools for use as backdoors, and a review of known rootkits.
- Defense--includes host-based firewalls, host hardening for Windows and Linux networks, communication security with SSH, email security and anti-malware, and device security testing.
- Monitoring--such as tools to capture and analyze packets, network monitoring with Honeyd and snort, and host monitoring of production servers for file changes.
- Discovery--includes The Forensic Toolkit, SysInternals, and other popular forensic tools.
"Jump in and out and then try something new--play with it on your laptop, then try another tool," encourage the writers. "We think this is the best way to not only use the book but to adapt it to your expertise, instead of the other way around."
About the Authors Nicolas Beauchesne, Bryan Burns, Chris Iezzoni, Paul Guersch, Dave Killion, Michael Lynn, Steve Manzuik, Eric Markham, Eric Moret, and Julien Sobrier are all part of Juniperís Security Engineering Team led by Avishai Avivi, Senior Manager, Security Engineering, who wrote the forward to the book. Philippe Biodi is a research engineer at EADS Innovation Works and the creator of many security tools and programs, such as Scapy and Shell-Forge. Jennifer Stisa Granick has been the Executive Director of the Center for Internet and Society at Stanford Law School, where she taught Cyberlaw, and recently became the Civil Liberties Director with the Electronic Frontier Foundation.
Security Power Tools
Nicolas Beauchesne, Philippe Biondi, Bryan Burns, Chris Iezzoni, Jennifer Statis Grannick, Paul Guersch, Dave Killion, Michael Lynn, Steve Manzuik, Eric Markham, Eric Moret, and Julien Sobrier
ISBN: 0-596-00963-1, $59.99 US
O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.