Hack I.T. - Security Through Penetration Testing

This book is good for beginners. I have finished it within 2 days, very easy going, enjoyed reading it.. Most of exploits that are on the cd don't work with unix. However this book explains some nice techniques and i recommend this book to anybody who is into protecting his/her system from break ins.

This book is like a loaded gun. In the wrong hands the information can be used to harm, but in more benevolent hands the information can be used to protect. This is especially true when you subscribe to the adage that forewarned is forearmed. The authors have collected the most common penetration exploits and tools used by those who will attempt to penetrate your systems and have presented them in encyclopedia fashion. Each of the techniques and tools are thoroughly discussed from the aspect of defense through penetration testing to assure that common exposures are deal with. This information is valuable for two reasons:(1) Each of the most common security exposures are identified, and how attackers exploit them is thoroughly examined. This is the forewarning part that you'll come away with.(2) The tools your attackers will probably use are provided on CD ROM, and the book shows you how your attackers will probably use them, as well as how you can use these tools to test your systems. (NOTE: many of the tools are provided as source code).Here are the book's strengths and weaknesses:Strengths: it raises awareness, provides tools and techniques, and discusses the legal aspects of penetration testing. The last strength is especially important because you're need a signed "get out of jail" card before embarking on penetration testing, either as an employee or consultant to the target. One key point the authors make, and which should be at the top of any checklist, is ensuring that whomever authorizes the penetration testing actually has the authority to do so. Weaknesses: no structured approach - the authors provide many anecdotes, discuss cases and what they did, but is appears to be ad hoc with no test plan or test cases. These should have been included because penetration testing should be a part of any test strategy developed and executed by software QA personnel as a part of acceptance and product qualification test cycles. Since the authors are all employees of a well known international consulting firm I was disappointed that this material was omitted.Overall: this book is valuable because it addresses head on the techniques and tools against which you need to defend your systems. The added value is that you'll become skilled in the use of these tools and techniques to exploit your own systems, discover the holes and close them. Of course you should prudently track the latest attack ploys by monitoring the URLs and newsgroups that are provided in the book because the tools and techniques are constantly evolving. The book will get you started, but it's up to you to keep up. On the other hand, the unskilled "script kiddies" will also benefit from this book because it clearly explains the technical underpinnings. That unintended audience can, unfortunately, use this book to increase their skills. Despite the noted weaknesses this book is valuable as long as you're aware that it's only a starting point and it's your responsibility

This book will give anyone who reads it the basic knowledge on how to perform effective penetration tests. The CD included includes many helpful tools that are discussed in the book. In addition, the case studies are first rate in giving the reader a real-world example on the material covered in the text. I am also very pleased that this book not only covers hacking techniques but also the ethics involved. Great buy!

This text, I call it a text because you can use it as a great learning tool, is wonderful. The book has great illustrations and gives wonderful insights into the inner workings of the hacking world. I fully recommend the use of this book and the CD-ROM included.

Very well written and comprehensive. A real orientation to PEN-TEST procedures. Includes very interesting issues such as: Rootkits, DDoS, Social Engineering, Unix and NT tools and methods, IDSs,'Future Trends' (Including Biometrics) and useful countermeasures.The companion CD contains several powerful tools like Hunt,Dsniff, Nmap, Whisker, NetCat, Nessus and others.Buy it, you won't be disappointed.