Friday, 21 November 2014

Book Review - Anti-Hacker Tool Kit, Fourth Edition, by Mike Shema

Again, following on from earlier posts: -

here's my latest book review, on which I am working in conjunction with the British Computer Society.

From their site: -

Welcome to the fourth edition of the Anti-Hacker Tool Kit. This is a book about the tools that hackers use to attack and defend systems. Knowing how to conduct advanced configuration for an operating system is a step toward being a hacker. Knowing how to infiltrate a system is a step along the same path. Knowing how to monitor an attacker's activity and defend a system are more points on the path to hacking. In other words, hacking is more about knowledge and creativity than it is about having a collection of tools.

and here is my review: -

As someone with an active interest in IT security, and as someone who practises in the area, albeit from an IT infrastructure perspective, I am always looking for new insights into the tools, techniques and tricks of the trade.

This book absolutely lives up to its title, as it is an A-Z cookbook, taking one through the details of building a full penetration testing environment, using freely available and, in many cases, open source software.

If I have one niggle, it's that the book does not immediately set out the context of IT security in general or in specific, choosing to jump right on into the detail. As an example, the book starts with a chapter on Source Code Management, specifically Git, which is an interesting choice.

I would have preferred to see more detail on the typical vulnerabilities of common IT systems, perhaps with examples of "popular" attack vectors and well-known security breaches, also emphasising that security is as much about the people as the technology.

If one is looking for a primer on IT, including application development, virtualization, Unix/Linux etc., this book is definitely worth adding to one's library.

In terms of the specific intention, the book gets back into gear in Chapter 2 onwards, focusing on vulnerability scanning, auditing and monitoring, continuing to develop on the tooling theme from the earlier chapters.

Whilst this is definitely a book that one can and should read from (virtual) cover to cover, it's also useful to dip into for specific pieces of advice and guidance.

For anyone interested in IT security, and we should ALL be very interested in IT security, this book is one that I would strongly recommend adding to the library of must-read books.

Equally, I would also encourage this book to be part of any IT curriculum, as it is a relatively concise (~450 page) tutorial for any budding practitioner of the art.

In conclusion, I recommend this book to anyone keen to know more about information security, software engineering and the fundamental building blocks of modern computer systems.

The book lives up to its title as a tool kit, something one can dip into to find precisely the right tool for the job.
