Product Details
Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios

From McGraw-Hill Osborne Media


Product Description

Find out if you have what it takes to keep the bad guys out of your network. This real-world resource contains 20+ hacking challenges for you to solve. Plus, you'll get in-depth solutions for each, all written by experienced security consultants.


Product Details

  • Amazon Sales Rank: #619248 in Books
  • Published on: 2001-10-18
  • Original language: English
  • Number of items: 1
  • Binding: Paperback
  • 300 pages

Editorial Reviews

Amazon.com Review
Mike Schiffman has hit upon a great formula for Hacker's Challenge. Rather than try to research, fully understand, and adequately explain attacks that have taken place on other people's networks--the approach taken by too many writers of books about computer security--Schiffman lets network administrators and security experts tell their stories first-hand. This is good. What's better is that Schiffman has edited each of their war stories into two sections: one that presents the observations the sysadmin or security consultant made at the time of the attack, and another (in a separate part of the book) that ties the clues together and explains exactly what was going on. The challenge in the title is for you to figure out what the bad guys were doing--and how best to stop them--before looking at the printed solution. Let's call this book what it is: an Encyclopedia Brown book for people with an interest in network security.

It doesn't really matter, from a value-for-money standpoint, whether your skills are up to the challenge or not. The accounts of intrusions--these are no-kidding, real-life attacks that you can probably learn from, by the way--are written like chapters from a novel (though log file listings, network diagrams, and performance graphs appear alongside the narrative text). Recall every time you've seen a movie or read a book with computer scenes so technically inaccurate they made you wish for a writer with a clue. Schiffman and Hacker's Challenge is what you wished for. --David Wall

Topics covered: The sorts of attacks that black-hat hackers (everyone from script kiddies to accomplished baddies) launch against Internet-linked computers and networks. Everything is presented from the perspective of the defenders--i.e., the network administrators--who have to look at log files and process activity to figure out what's going on.

From the Back Cover
"A solve-it-yourself mystery that will draw you in with entertaining, yet realistic scenarios that both challenge and inform you." --Tim Newsham, security research scientist, @stake, Inc.

Malicious hackers are everywhere these days, so how do you keep them out of your networks? This unique volume challenges your forensics and incident response skills with 20 real-world hacks presented by upper-echelon security experts. Important topics are covered, including Denial of Service, wireless technologies, Web attacks, and malicious code. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and possible clues, technical background such as log files and network maps, and a series of questions for you to solve. Then, in Part II, you get a detailed analysis of how the experts solved each incident.

Excerpt from "The Insider":

The Challenge:

Kris, a software company's senior I.T. staffer, got a call from the helpdesk....Users were complaining that the entire contents of their inbox, outbox, and deleted items folders had completely disappeared....The following Monday, Kris found that the entire Exchange database had been deleted....The attacker sent an email from a Yahoo! account taking responsibility for the attacks....The e-mail had been sent from a machine within the victim's network. Kris brought in an external security team who immediately began their investigation...In addition to gathering physical security logs, Microsoft Exchange logs, and virtual private network (VPN) logs they interviewed key people inside the company....

The Solution:

After reviewing the log files included in the challenge, propose your assessment--when did the deletion of e-mail accounts begin and end, which users were connected to the VPN at the time, and what IP addresses were the users connecting from? Then, turn to the experts' answers to find out what really happened.

Contributing authors include:

Top security professionals from @stake, Foundstone, Guardent, The Honeynet Project, University of Washington, Fortrex Technologies, SecureMac.com, AnchorIS.com, and the National Guard Information Warfare unit.

About the Author
Mike Schiffman is the director of research and development at Guardent, the leading provider of professional security services. He has written for numerous technical journals, has written white papers, and has contributed to Hacking Exposed.


Customer Reviews

Innovative and practical for technical trainers and students (rating: 4)
I am a senior engineer for network security operations. I read "Hacker's Challenge" because one of my work duties involves training tier one and tier two security analysts. (Tier one analysts can recognize insecure digital assets; tier two analysts understand the threats to insecure digital assets; tier three analysts can manipulate most aspects of digital assets to mitigate insecurity.) I hoped "Hacker's Challenge" would educate my tier one and possibly tier two students. I now realize the book offers something for security professionals at all levels of expertise.

"Hacker's Challenge" is a collection of twenty "case studies." By dropping the reader into an incident response scenario, the book challenges security professionals to answer tough questions: How did the intruder gain access? What tools were used after the compromise occurred? How do you mitigate that threat in the future? This approach breathes new life into the world of security reading. Students will learn a lot by taking the time to answer these questions before consulting the well-written "solutions" section.

I noticed several technical themes repeated throughout "Hacker's Challenge." They included wireless vulnerabilities, Unicode and directory traversal attacks against Microsoft IIS, and older Solaris exploits. I particularly enjoyed the SQL server attack (challenge 7), and the thorough description of the sadmind worm (challenge 8). I liked the Macintosh case (challenge 15), but wished for coverage of OS X. Finally, the need for network security monitoring via intrusion detection system was wisely emphasized in many "solutions."

"Hacker's Challenge" isn't perfect, however. HK.exe, mentioned in challenge 10, exploits the "spoofed LPC port request" vulnerability of MS00-003, and doesn't involve directory traversal or Unicode. While an old Checkpoint ACK flood vulnerability was well explained (challenge 17), one of the references pointed to an unrelated IP fragmentation vulnerability. Also, the lead author should change his reference to the Air Force Information Warfare Center from "AFWIC" to AFIWC. He might also re-evaluate his interest in the TAB soft drink. (Read challenge 20!)

I plan to incorporate "Hacker's Challenge" into my analyst development program. I believe challenges 1,4,5,8,12,13, and 16 are suitable for tier one personnel. Challenges 2,3,6,10,11,14,15,17 and 18 are suitable for tier two staff. Tier three personnel may enjoy challenges 7,9,19, and 20. I look forward to second and third follow-on books to further enrich the security community.

(Disclaimer: I received a free review copy from the publisher.)

Real-World Security IQ Test (rating: 5)
Mike Schiffman's book, "Hacker's Challenge," is a very innovative approach towards computer security learning and skill assessment. Guiding the reader from evidence, to reasons, to how and why, and to the end results of a hack attempt, this book provides a blueprint for pursuing and examining the forensic evidence of an attack. This book cohesively brings together all aspects of a hacking event into 20 separate incidents that will guide the reader towards the ultimate answers but only if you have the ability to see the forest from the trees. If you have the skills to recognize the attacks this book will provide confirmation of your abilities along with items of interest you may have missed. If you are left wondering what all the evidence adds up to, this book will get you as close to the on-site experience as possible that most dry manual or reference books do not provide.

For any system administrator this book provides an invaluable way to test your talents and expertise against real-world hacking events in a safe environment using multiple hardware and software products. This book is a must-have for anyone serious about the security of their systems and their ability to recognize and thwart hackers before, during and after an attack. I highly recommend this book for the beginner looking to build their abilities to a veteran looking to confirm or update their skills.

Good book but light on info (rating: 3)
The premise of the book really intrigued me so I picked it up. While the writing is good and there is some really good information, I don't think the information content was quite worth the money. Not to spoil the mystery for you, but several of the hacks described really just boiled down to a particular type of attack (to compromise) followed by something else. Similarly, the logs provided (for publishing purposes) have to be truncated. In essence, the reader is spoon-fed because only relevant logs are shown; quite different than real life where an admin may be facing 20 Mb of logs that they have to sift through.

One last point. The author of one of the sections was Tim Mullen. Had I known that beforehand, I would not have purchased the book. I've read his articles on securityfocus.com and have little respect for his abilities in the security field. Luckily, he only authored one scenario.