BKSECWRR.RVW 20040509

"Security Warrior", Cyrus Peikari/Anton Chuvakin, 2004, 0-596-00545-8, U$44.95/C$65.95
%A Cyrus Peikari
%A Anton Chuvakin
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2004
%G 0-596-00545-8
%I O'Reilly & Associates, Inc.
%O U$44.95/C$65.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%O http://www.amazon.com/exec/obidos/ASIN/0596005458/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0596005458/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0596005458/robsladesin03-20
%P 531 p.
%T "Security Warrior"

The preface isn't a really clear piece of writing, but does, eventually, get around to stating that the book focuses on security from an attack, rather than defence, perspective. I have, in numerous other reviews, pointed out the errors and limitations in this position.

Part one deals with cracking software, primarily involved with breaking copy protection. Chapter one explains a few concepts about assembly language quite well, and then ends abruptly. Some Windows tools for reverse engineering are listed in chapter two, plus a couple of poorly explained examples. The material on reverse engineering in Linux is longer and more detailed, but still has very limited tutorial value, and is padded with extensive code listings of dubious worth. Chapter four is supposed to deal with reverse engineering for Windows CE, but contains an odd mix of CE operating system architecture, a partial list of ARM CPU opcodes, and a description of how to crack the registration code check in a program written solely to allow you to crack the registration code check embedded within it. Overflow attacks, in chapter five, explains buffer and other overflow conditions, and gives an example of a buffer overflow as a crack in another fake program.

Part two presents information about networks. Chapter six is a rather unstructured overview of TCP/IP and a listing of some sniffing tools.
(TCP is explained before IP itself, and the relationship of the various protocols in the suite is not discussed. A section on "covert channels" emphasizes a strange misuse of header fields, and then drifts into something like session hijacking.) Social engineering can be used in a variety of ways, so it is strange that chapter seven should be here rather than in the "Advanced Defence" of part four. The random content provided has little organization and a fair number of errors: the authors insist that social engineering attacks can be divided into active and passive types, but, by its nature, social engineering is almost entirely active. (The book does seem to tacitly admit this: there is a list of example "active" attacks, but no corresponding "passive" list.) Chapter eight mentions a few methods of reconnaissance with differing levels of detail. Chapter nine gives some more advanced techniques for identifying operating systems, but the particulars are similarly inconsistent.

Part three lists attacks against specific platforms. The authors betray their lack of study once again in chapter eleven: UNIX is *not* "reborn from" MULTICS (although it was heavily influenced), and TCSEC (the Trusted Computer System Evaluation Criteria) is definitely *not* the Common Criteria. The various security related aspects, tools, and hardening of UNIX are not bad, but lack definition. The UNIX attacks listed in chapter twelve are good: ironically, because of the generic nature of the descriptions, the examples are probably useful as a guide to defensive measures, rather than being outdated tricks. The Windows client attacks listed in chapter thirteen, because they are specific, are limited in both scope and utility. Chapter fourteen, listing Windows server attacks, notes some interesting security bugs in Server 2003 and other programs (and one bit on smartcards).
"SOAP XML Web Services Security," in chapter fifteen, is a long title for a short piece on XML digital signatures. "SQL Injection," in chapter sixteen, has some examples of malformed data attacks, and also points out the dangers of adding programming functionality to applications. As with social engineering, the tie to networks is thin, seemingly limited to the PHPNuke program. Some aspects of wireless antennae, sniffing, and a brief review of the weaknesses in WEP (Wired Equivalent Privacy) are in chapter seventeen.

Part four looks at more advanced defence. Miscellaneous thoughts on logging are in chapter eighteen. Chapter nineteen has a confused explanation of intrusion detection systems (IDS). There is no mention of rule (or activity monitoring) based engines, signature based engines are said to be restricted to net-based IDS, different terms are used for anomaly detection engines on hosts versus networks, and there is a muddled attempt to tie Bayesian analysis to odd mathematical ratios of false positive (false rejection) and false negative (false acceptance) errors. The installation of a simple honeypot is described in chapter twenty (which probably *should* be in part two). There is a good initial outline of incident response in chapter twenty-one, but it breaks down when getting into specifics. Chapter twenty-two, on forensics and antiforensics, gives some background and tools for data recovery and obfuscation.

It is ironic that the book starts out with a quotation from "The Code of the Samurai," stating that "[a]ll samurai ought certainly to apply themselves to the study of military science. But a bad use can be made of this study to puff oneself up and disparage one's colleagues by a lot of high-flown but incorrect arguments that only mislead the young ..." This assessment fits Peikari and Chuvakin's work almost perfectly.
There is a lot of interesting information in this volume: if you have limited technical background in the fields examined, you will find that a quick perusal will provide you with some superficial familiarity with the topics. However, the uneven coverage ensures that the information is spectacular, rather than tutorial. The disjointed jumps from one subject to the next prove the technical erudition of the authors, but do not help the reader very much.

copyright Robert M. Slade, 2004   BKSECWRR.RVW   20040509