Why should you care about computer security?

16 October, 2007 (10:48) | Reviews, Security | By: Nick Dalton

Computer Security and Penetration Testing by Alfred Basta and Wolf Halton is the scariest book I’ve read since Stephen King’s IT. The book is published by Thomson and is used as a textbook at many colleges and universities.

As a course textbook, it has exercises and hands-on projects that describe exactly how to install and run computer programs that crack passwords, sniff network traffic, launch denial-of-service attacks, and more. Of course, this is all done legally (“white hat”) and with the intent to educate and to teach the reader how to deploy countermeasures and improve their security.

Here are a few of the topics covered in the book:

  • Scanning Tools
  • Sniffers
  • TCP/IP Vulnerabilities
  • Encryption and Password Cracking
  • Spoofing
  • Session Hijacking
  • Trojan Horses
  • Denial-of-Service Attacks
  • Buffer Overflows
  • Programming Exploits
  • Windows and Linux Vulnerabilities

Like most security professionals, I’m on the side that full disclosure is the best way to improve computer security. You should assume that the bad guys already have this information, and then some. Therefore I welcome this book.

Why would anyone care to target your little web site?

You’re probably not as passionate about security as I am. But is security just for geeks and federal three-letter agencies? Why would anyone care to target your little web site? People with malicious intent couldn’t care less about your web site. As described in the book, they use scanning software to detect computers that are vulnerable. Once a vulnerable computer is found, it is attacked and compromised, and then added to a bot network. This is all done automatically, and you will probably not notice anything until you start getting complaints that spam is being sent from your server, or until your web server is shut off by your web hosting company because it is participating in a denial-of-service attack against someone else.

If you have read any of my previous reviews, you know that I’m a harsh critic and I rarely endorse other people’s products. This is a book that has my full recommendation. Your webmaster or IT department needs to have this book. Not on their bookshelf – it needs to be put into practice to be useful.

One of the book authors has a free newsletter called Secret2Security. When you sign up you get the first chapter of the book for free. Here’s the URL:

