Title: Hack Attacks Revealed
Author: John Chirillo
ISBN: 0 471 41624 X
Publisher: Wiley
Pages: 944pp + CD
Price: £42-95
Reviewer: Francis Glassborow
Subject: security
Appeared in: 13-3

The first of these two books is written largely on the principle that you should know your enemy. I guess some will be deeply perturbed by a book that actually publishes a program whose purpose is to crack a Unix encrypted password file. However, stop a moment and think. How do we understand the threats to our systems if we choose to remain wilfully ignorant of the weapons of our opponents? However, by the time you have finished reading this book and perhaps testing your local network, you will be a very worried network manager (even if that is just a small domestic network at home).

Once you have finished the first book (even long before you have done so) you will be an easy sell on the second one. Here the same author deals with the other side of the coin, knowing how to stop the cracker. This is an excellent and informative book with one major flaw: if everyone follows the policies suggested by the author, we again have what is substantially a monoculture, so that the cracker who finds a way in to one system will have a rich reward in being able to access many.

As individuals, families and small businesses increasingly have networks that are connected to the Internet (and often on almost a continuous basis), it becomes more important for those of us from whom advice is often sought to at least understand the problems. If we are professionals outside the field of computer security, we would probably be wise not to hand out too much advice. I think that most of us could benefit from reading 'Hack Attacks Revealed' and many would then want to read 'Hack Attacks Denied', but be careful that you do not unwittingly place yourself in a position of responsibility for the security of someone else's computer(s).

I recommend that you find time to read at least the first of these books.