Product Description

"Stealing the Network: How to Own the Box" is NOT intended to be a "install, configure, update, troubleshoot, and defend book." It is also NOT another one of the countless Hacker books out there. So, what IS it? It is an edgy, provocative, attack-oriented series of chapters written in a first hand, conversational style. World-renowned network security personalities present a series of 25 to 30 page chapters written from the point of an attacker who is gaining access to a particular system. This book portrays the "street fighting" tactics used to attack networks and systems.

Not just another "hacker" book, it plays on "edgy" market success of Steal this Computer Book with first hand, eyewitness accounts
A highly provocative expose of advanced security exploits
Written by some of the most high profile "White Hats", "Black Hats" and "Gray Hats"
Gives readers a "first ever" look inside some of the most notorious network intrusions

Product Details

• Amazon Sales Rank: #409640 in Books
• Published on: 2003-05-29
• Format: Illustrated
• Original language: English
• Number of items: 1
• Binding: Paperback
• 330 pages

Features

• ISBN13: 9781931836876
• Condition: NEW
• Notes: Brand New from Publisher. No Remainder Mark.
• Click here to view our Condition Guide and Shipping Prices

Amazon.com Review
Stealing the Network is a book of science fiction. It's a series of short stories about characters who gain unauthorized access to equipment and information, or deny use of those resources to the people who are meant to have access to them. The characters, though sometimes well described, are not the stars of these stories. That honor belongs to the tools that the black-hat hackers use in their attacks, and also to the defensive measures arrayed against them by the hapless sysadmins who, in this volume, always lose. Consider this book, with its plentiful detail, the answer to every pretty but functionally half-baked user interface ever shown in a feature film.

One can read this book for entertainment, though its writing falls well short of cyberpunk classics like Burning Chrome and Snow Crash. Its value is in its explicit references to current technologies--Cisco routers, OpenSSH, Windows 2000--and specific techniques for hacking them (the heroes and heroines of this book are always generous with command-history dumps). The specific detail may open your eyes to weaknesses in your own systems (or give you some ideas for, ahem, looking around on the network). Alternately, you can just enjoy the extra realism that the detail adds to these stories of packetized adventure. --David Wall

Review
Stealing the Network is a refreshing change from more traditional computer books... -- Slashdot.org, June 4, 2003

Review
"Stealing the Network: How to Own the Box is a unique book in the fiction department. It combines stories that are false, with technology that is real. While none of the stories have happened, there is no reason why they could not. You could argue it provides a road map for criminal hackers, but I say it does something else; it provides a glimpse into the creative minds of some of today's best hackers, and even the best hackers will tell you that the game is a mental one." - from the foreword by Jeff Moss, President & CEO, BlackHat, Inc.

"...the reader will find this an informative, instructive and even entertaining book." - Managing Risk magazine

Customer Reviews

Read it in one pleasant sitting
As an admitted Slashotdot-reading, command-line geek, I looked forward to this book, but as a finicky reader and former English Lit major I was skeptical. Turns out it's great on both levels: as a topical, informative text and as a downright compelling collection of short thriller-type stories.

For those who have some familiarity with the subject matter, this book rings completely true and for those who do not, it's still fun and understandable.

It's an expensive book, so I waited a while, but in retrospect it delivers on the high price. Unlike most of the novels I read which wind up on my living room shelves for a while or are passed along to friends, this one wound up on the reference shelf in my computer room along with other network security books (and with a few post-it bookmarks sticking out to boot).

If you are hesitating because of the price or are worried that the writing will disappoint, I can assure you that you will be pleasantly rewarded for your investment. Best thing I've read in the genre since Stoll's superb "The Cuckoo's Egg."

Sometimes wrong and farfetched, but very entertaining!
I saw this book on the shelves and started flipping through it. Next thing I know it was a half hour later and I was still sitting on the floor with the same book in my lap.

In particular I wanted to read the chapter about H3x's adventure in networkland, since it seemed the most intriguing. She's a sexy female hacker that hits nightclubs and has a neon social life - so already we know the story is fiction, right?

I noticed that the author of one of the chapters posted a review. I didn't pay attention to which chapter and don't have the book in front of me, but he states that all the methods used are possible. Well, you can't have a technical book without subjecting it to technical scrutiny. Here's where the meat of my review weighs in: H3x's adventures sometimes make no sense, and other times are technically wrong. Let me explain.

First she realizes the changes she made on the routers at a university were logged to a syslog server, so she hacks that to cover her tracks by taking out the network address she used. Nevermind that she configured the routers to point a GRE tunnel to her home network, and then set "0wn3d" (or something similar) as the interface desription. Isn't that like sneaking tiptoe through a house late at night with a blaring stereo on your shoulders? And what kind of pipe would be going into her home to be able to keep up with an ethernet connection on a campus network? At this point everything is still technically possible, although somewhat unbelievable. Still - this is fiction after all.

The administrators catch wind of this and do all the obligatory password and community string changes, tightening of security with access lists and pant-wetting. Discovering H3x can no longer get in through the front door, she whips up some java which acts as a UDP proxy and tosses it on a network printer. Using this she is able to bypass some access lists and TFTP the configurations off the Cisco routers - and here's the kicker - without needing community strings. Unfortunately, this just is not technically possible.

I'd be curious to see what other technical reviewers have to say about the books merits. Again, it's a fascinating read but you may want to take some of the stories with a grain of salt. The landmine heist is another vastly entertaining story that bleeds into the absurd at times.

Read the book and let others know what you think of it!

Making Technology and Security a Fun Read
You may be asking yourself why I am writing a review of "Stealing The Network - How to Own the Box" (Ryan Russell, Tim Mullen, et al, Syngress Press, 2003, 429 Pages) two years after it came out in 2003. The reason is that next month, the third book in this series, "Stealing The Network - How to Own an Identity", is being released by Syngress. So in anticipation of this new title, I wanted to read this book, as well as "Stealing The Network - How To Own a Continent" (review to be written later this week). I did not expect to be drawn in as quickly as I was by this book, but I found myself being drawn in by the totally unique style in which technical content is presented and the fast pace the narrative took.

Each chapter presents a mini-scenario that demonstrates how specific network vulnerabilities can be exploited, causing potential problems and losses from organizations. What sets this apart from many of these books that I have read is that is kind of set up in the style employed by the television serial "Law and Order: Criminal Intent": a focus on narrative and knowledge from the point of view of the bad guys. While this is a work of "techno-fiction", the level of detail suggests that only the names were changed to prevent the innocent (or the guilty system administrators who fail to lock systems down as well as they should or could).

Another interesting point throughout this book is the emphasis on "social engineering", an oft overlooked weakness that has only started gaining true visibility in the evaluation and education of system administrators, managers, and end-users through highly visible incidents. It is kind of refreshing to read a detailed tale of what led a hacker to jump in a dumpster to find out information, and what led him to that point.

It is the unique approach the authors take that may make the book a more palatable read for true "uber-geeks", rather than these people not wanting to read a dry book presenting technical material in the typical dry approach, which for sure puts me asleep any day of the week. It may also make the topic more readable for non-technical managers to get a better understanding of their risks and vulnerabilities without getting buried in technical detail. However, this also is one big weakness of the book: there is no index of keywords or topics to go back to for easy reference, which would make the book a more used reference than just a good "summer beach book".

Who Should Read This Book

This book should be read by students starting out their formal education in computer information systems. It can teach them lessons without beating them over the head. The book should be read by system administrators so they can see that technical information can be presented in simpler ways, encouraging them to work on their "soft skills". Finally, it should be read by non-technical management so they can understand that the risks and vulnerabilities are very real, and need to be addressed.

Scorecard: Par on long Par 4

Note: When you read my review for "Stealing The Network - How To Own a Continent", you will hopefully understand why I only gave this book 4 stars.