Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Understanding network hacks : attack and defense with Python
Ballmann B., Springer Publishing Company, Incorporated, New York, NY, 2015. 178 pp. Type: Book
Date Reviewed: Aug 20 2015

Cybersecurity and penetration testing have been growing in importance for the past couple of decades. And due to some well-publicized hacking cases, such as Sony and Target, the public has become increasingly more aware of these issues. What most people don’t know is that there is a set of publically available tools that can be used to look for security vulnerabilities. When these tools are used by people attempting to circumvent security, it is called hacking. When these tools are used by people attempting to discover security vulnerabilities in order to strengthen security, it is called penetration testing and, sometimes, ethical hacking. The former are often referred to as black hats and the latter are referred to as white hats, a reference to the days of cowboy movies when good guys wore white hats. Of course, these days, nothing is ever black or white, so those in between are called gray hats.

Within this context, this book offers a set of tools written in the Python programming language that can be used to test network vulnerabilities. Individuals will decide what color hat to wear, and it is best to have the tools out in public where they can be used to test vulnerabilities, as well as challenge them.

Someone considering this book should have a basic knowledge of network protocols and of Python programming. The author provides a review chapter on network protocols, but if this is the reader’s first exposure, it will not be enough. The reader should first become familiar with network protocols and then use the chapter in this book for review. Similarly with Python programming: instead of beginning the chapter on Python with the usual print “Hello World,” the author provides this variation:

>>> ska = 42

>>> print “The answer to live, the universe and everything is “ + str(ska)

This snippet is very telling about the book. The Douglas Adams quote is representative of the author’s occasional musings, which make the book more enjoyable. The string concatenation and the casting of an integer to a string in an introductory example is revealing of the author’s expectations that this is not the reader’s first exposure to the topic. And the typographical error (live should be life) is not the only one in the book. The editor should have worked a little harder. In addition, the examples are all done on a GNU/Linux system, which means Windows users might face some additional challenges such as downloading and installing packages.

However, if one has the background to overcome these somewhat minor technical challenges, the book is quite good. It covers sockets, spoofing, sniffers, and port scanning, which are usually mentioned in an introductory networking class with a hand wave and an unenlightening definition. It also covers numerous more arcane network security topics, but the beauty of it is that Python code is provided so readers can explore and understand the mechanics of these ideas on their own. It is one thing to be able to define port scanning. It is another thing entirely to fiddle with a piece of Python code that actually does it.

This book would be of value to those who are interested in network security and penetration testing at the code level. Some background in both network protocols and Python programming is assumed. And if one has the necessary background, the book can be very useful to take this knowledge to a deeper level in the nuts and bolts of how this stuff really works.

Reviewer:  J. M. Artz Review #: CR143708 (1511-0920)
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
 
Security and Protection (C.2.0 ... )
 
 
Python (D.3.2 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
Introduction to data security and controls (2nd ed.)
Edward R. I., QED Information Sciences, Inc., Wellesley, MA, 1991. Type: Book (9780894353864)
Aug 1 1992
Security for computer networks: an introduction to data security in teleprocessing and electronic funds transfer
Davies D., Price W., John Wiley & Sons, Inc., New York, NY, 1984. Type: Book (9780471900634)
Oct 1 1985
The development and proof of a formal specification for a multilevel secure system
Glasgow J., Macewen G. ACM Transactions on Computer Systems 5(2): 151-184, 1987. Type: Article
Oct 1 1987
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy