|
http://www.dmst.aueb.gr/dds/pubs/Breview/1998-CR-Hacker/html/review.html This is an HTML rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the following reference:
|
Diomidis Spinellis
University of the Aegean
Klander, Lars.
Jamsa Press, Las Vegas, NV, 1997,
666 pp., $54.95, ISBN 1-884133-55-X
"Hacker proof" describes commonly-used network technologies from the data-link layer up to the application layer and explains the security issues involved. It covers of TCP/IP, HTTP, firewalls, encryption, digital signatures, secure HTTP, the secure session layer, Kerberos authentication, the Java programming language, viruses, Windows NT, Novel Intranetware, Unix, X-Windows, testing tools, Web browsers, hostile scripts, and network security policies. Most technologies are explained in detail adding to the book's length without substantially contributing to the coverage of security issues. This lack of focus on security combined with a number of omissions and inaccuracies diminishes the book's contribution to the field. The intended audience of the book is probably technology novices who are interested in practical network security, However, the level of technical expertise of the potential reader varies greatly between different topics. As an example, the section explaining telnet attacks presumes an intimate knowledge of the telnet protocol ("the hacker sends ATK_SVR_OFFSET bytes"), while the sections on Unix explain the shell's input and output redirection syntax.
A number of inaccuracies and factual errors may confuse a non-expert reader. As an example uuencode is described as the "most easy-to-use and popular tool for encrypting binary data", Microsoft's CryptoAPI as similar to PGP, and the Unix csh as virtually identical to the Bourne shell. The explanations of attacks contain even more errors: the description of the TCP/IP sequence number prediction attack confuses consecutive IP addresses with the TCP sequence numbers, the section on hyperlink spoofing confuses domain name servers with the domain name system addresses and the URLs, while the description of the sendmail debug problem confuses the program's debug level with the stack frame depth. Some omissions are equally glaring. Although the chapter on Unix auditing includes the helpful advice of consulting the shell history file, it fails to mention the process accounting log files. A list of the Unix file permission constants is presented without mentioning that the numbers are represented in the octal system. Finally, a number of suspect claims unsubstantiated by references add to the mistrust of the book. As an example the author attributes the majority of virus infections to the hundreds of retail publishers who have admitted distributing infected disks and to retailers who re-wrap retailed software returned from users.
Many concepts are described using well presented diagrams which clearly help the novice reader. On the other hand, an annoying aspect of the book's presentation is the lack of italic space correction after italic to roman font changes which results in the effective merging of adjacent words. It is a sad fact of our desktop publishing era that such elementary errors are still prevalent. In addition, the 159 section headings beginning with the word "understanding" quickly become annoying. A page with six Web links and screen dumps of their associated pages at the end of each chapter is an interesting addition to the book, but no excuse for the total lack of references. The book's index is complete and can help the reader navigate thought its voluminous material.
Ignoring the problems mentioned above, "Hacker proof" can be used by a novice reader as a crash course on modern network technologies and the related security issues. Other readers would be better served by more specialised books such as [1], [5] and the relevant RFCs for understanding the underlying technologies and [2], [3], [4] and Web-material for practical security-related advice.
