Network security is of great interest to students, researchers, and government officials, and of course to people who want to extract information for pleasure or money. Hacking is a means to exploit holes in software via inspection, brute-force testing, or other clever methods. When a hack is executed just to find holes and report to the right stakeholders, it is harmless and even defensive. When a hack is used for evil purposes, industry jargon usually refers to the perpetrators as “crackers.” This book deals with how to ethically hack a system, for the purpose of finding holes. Usually, this process is more creative than bookish. I have doubts whether real hackers ever read books in a systematic manner. The problem being that once a hole appears in print, software gets fixed to close it. Newer holes are constantly being discovered in a wide variety of commercial applications, programming languages, and operating systems.

This book is geared toward professional certifications. The authors start with the basics and include several supporting tools. A good hack requires a thorough understanding of transmission control protocol/Internet protocol (TCP/IP) networking fundamentals and packet captures. The book gives a reasonable overview of TCP/IP, but falls terribly short on the packet capture part. For example, modern hackers must use the Wireshark packet analyzer. Other books [1] offer a far more comprehensive presentation on the subject of packet captures.

I did like the book’s explanation of port mapping with Linux tools examples, command-line outputs, and screen shots. The examples drive home strong points about well-known hacker tools. Another chapter tries to provide an introduction to various programming languages. Unfortunately, one chapter cannot do justice to several programming language tutorials, so it is not very effective. (One can really understand how bad programming weakens security by reading clear explanations such as those found in Warren’s book [2].) I also liked the chapters on wireless technologies and wardriving. Other chapters focus on cryptography, firewalls, virtualization, and peripherals.

Overall, this book touches on the basics in several areas. I was hoping for a more concrete treatment, but the authors wrote the book for students in security certification courses who need a broad approach. If you want an in-depth look at any single topic, you will be disappointed. Despite these minor drawbacks, the book represents an excellent basis for getting started. I was also disappointed by the lack of references to other books. There are tons of pointers to websites, but no comprehensive reference for each chapter. The authors could have given more references for readers who are ready to dive into the subject more deeply. This book is an excellent start for students, but it’s not ideal for professionals already in the industry. As I already mentioned, professionals rarely refer to structured books, tending to rely on intuition and past experience. For such people, attending conferences like DEF CON will be more beneficial.

More reviews about this item: Amazon