Product Description

Hacker’s Challenge 2 provides 20 brand-new real-life hacking challenges for network professionals to solve and includes in-depth solutions written by experienced security consultants and authors of the first edition.

Product Details

• Amazon Sales Rank: #730746 in Books
• Published on: 2002-12-01
• Original language: English
• Number of items: 1
• Binding: Paperback
• 352 pages

From the Back Cover

"Awesome....Incredibly informative, insightful, as well as a lot of fun to read. Recommended for anyone who values the integrity and security of their network." --Shawn Bracken, Principal Research Engineer, Cenzic, Inc.

Do you have what it takes to keep hackers out of your network? This unique volume tests your computer forensics and response skills with 20 brand-new, real-life security incidents as told by top-tier security experts. In an entertaining and informative style, this book addresses key security topics, including Denial of Service, malicious code, Web application attacks, wireless technologies, insider and outsider attacks, and more. Each challenge unfolds like a chapter from a novel and includes details of the incident--how the break-in was detected, evidence, and background such as log files and network diagrams--and is followed by a series of questions for you to solve. In Part II, you'll find a detailed explanation of exactly what was happening in each incident and the answers to the questioned posed in Part I, along with prevention and mitigation techniques.

Excerpt from "One Thing Leads to Another":

The Challenge: John is the I.T. Manager for a movie company working on the special effects for a hit film.... But the fan site has just posted an unauthorized clip of one of the most anticipated scenes in the movie.... A postproduction team member put the clip on the server but no one accessed it after that, at least not via FTP.... Then it happened again: more footage was released.... The Web master of the fan site supplied the e-mail address from which he received the files. John checked the ssh logs and the Web server logs.... He found an IP address he had not seen before.... He pinged the IP address then checked his arp table to get the machine's MAC address.... He began tracing the cable back to its source: the proxy server, which had not been used in 8 months....

The Solution: After reviewing the log files included in the challenge, propose your assessment: How could the employees have approached the initial investigation differently that may have helped them get to the culprit sooner? What does the lack of evidence in the ftp and ssh logs reveal? Was John's method of tracking down the proxy server the best method? What is the best solution to solve the vulnerability? Then, turn to the experts' answers to find out what really happened.

About the Author

Mike Schiffman, CISSP, has been involved in most every technical arena computer security has to offer. He has researched and developed many cutting edge technologies including tools such as firewalk and tracerx as well as the ubiquitously used low-level packet shaping library libnet. Mike has led audit teams through engagements for fortune 500 companies in the banking, automotive and manufacturing industries. He has spoken in front of several institutions and government agencies such as: NSA, CIA, DOD, AFWIC, SAIC, and army intelligence. Mike is the lead author of Hacker’s Challenge, and has written for numerous technical journals such as Software Magazine and has written articles for securityfocus.com, and authored many security white papers. Currently, Mike is the Director of Security Architecture for @stake, the leading provider of professional security services. Previous to @stake, Mike was the Director of Research and Development for Guardent, Inc.

Bill Pennington, (CISSP), is a Principal Security Consultant with Guardent Inc. Bill has five years of professional experience in information security, ten in information technology. He is familiar with Linux, Solaris, Windows, and OpenBSD, and is a Certified Information Security Systems Practitioner, Certified Cisco Network Administrator (CCNA), Certified Internet Security Specialist (CISS), and a Microsoft Certified Product Specialist, Windows NT 4.0. He has broad experience in computer forensics, installing and maintaining VPNs, Cisco Pix firewalls, IDS, and in monitoring systems. Bill was a contributing author to several chapters of the original Hacker’s Challenge.

David Pollino Director of the Wireless Center of Excellence at @stake, Inc., conducts leading research into wireless security issues. He is a respected information security consultant with an extensive networking background. His wireless and network security expertise is published in magazines and books. David speaks on security issues at several industry events. David was a contributing author to several chapters of the original Hacker’s Challenge.

Customer Reviews

Thoroughly disappointed
I bought this book in excitement from that the first book brought me. After reading the first two chapters, I was already thoroughly disappointed. The rest of the book didn't improve much as I went on. Pages after pages of repetitive logs, which only illustrate some elementary facts that the server received a 'buffer overflow attack', or 'oh no! someone logged in at 3am!' (that's it!). No more details given. For anyone ever read anything about computer security, most 'challenges' posed in this book you can simply glance up the 5-pages long logs for a second and you'd be able to figure out what's going on.

And that's this book, which only tells you what happened, but not how (well, mostly easily obtainable popular script-kiddie tools) and why, leaving you high and dry. You'd bemuch better get the 'Stealing the Network' serie.

Quality Book
A very, and i'll say it again - very intresting book. Just like the first one it's well writen and well organised. Material is very original, like nothing you've seen before. Of course it is a sequel, and that scares some people off. But i promise you that Hacker's Challenge 2 is nearly as good as the first one. Some sleepless nights are included in the packedge.
One of the most intresting thing that i've found is a buffer overlow attack exaple. That's a very hard topic to find some good information on. Very original, won'r find it anywhere else.
If you are in doubt, don'be just buy it. If you havn't read the first one get it too.