Book Review

Hacking Exposed
Network Security Secrets & Solutions

McClure, Scambray, and Kurtz
Osborne/McGraw-Hill, 484 pp, paperback, 1999
There is a great need for a complete, up-to-date book that can describe how hackers gain access to computer systems. Such a book would save many hours of fruitless searching through websites such as rootshell and Bugtraq, and tedious experimenting with netcat, tcpdump, and other utilities.

Unfortunately, Hacking Exposed, while remarkably up-to-date, will not completely save you from such tasks. Although it contains much information and describes attacks on routers and the network as well as attacks on operating systems, some of the techniques are described only in general terms, or are of marginal use to the hacker (e.g., they require root or console access to run). Many others are obsolete. For example, phf is described several times, and several of the described exploits depend on phf being present. No web server administrator with half a clue would still be running phf. On the other hand, there is a discussion of the recently discovered iishack buffer overflow exploit for IIS, and a Perl script for detecting the vulnerability. There is also an entire chapter on Windows 2000.

Unlike other books, Hacking Exposed does not waste space describing how to run crack and Satan, but tries to give a concise overview of vulnerabilities, tools, and countermeasures. However, the 14 chapters of Hacking Exposed are somewhat uneven in depth. The chapters on router and firewall hacking, for example, provide examples of ncode that can be used for detecting port scans, and even briefly discuss TCP/IP datagrams, while the chapter "Hacking Windows 95/98" is relatively superficial. The biggest strength of the book, however, is its emphasis on Win9x, NT, and Novell NetWare instead of Unix, which is the main focus of most other 'hacker books'. In fact, the sections on Unix are uniformly weak. Only 52 pages are devoted specifically to Unix, and these describe attacks that are mostly obsolete, like the details of the pipe vulnerability in sendmail version 4.1 (the current version of sendmail as of this writing is 8.11.0). MacOS and mainframe operating systems are not mentioned at all.

Many of the Windows sections, however, presuppose a high degree of cluelessness on the part of both the user and the hacker. For example, is a hacker really going to install vnc on someone's Windows computer hoping the user is too stupid to notice the mouse cursor moving around by itself? The authors' claim that 2/3 of pcAnywhere installations are set up without a password is also hard to believe. Are there really that many people out there who hook up pcAnywhere to a modem with no password, allowing hackers to login from anywhere using a war dialer?

Another weakness of the book is a relative sparseness of information on detecting attacks. An ncode program is given for detecting SYN floods, but methods for detecting buffer overflows (one of the most common attempts on my system, apart from port scans, most of which come from our CIT department; cut it out, guys!) are not given.

This is not to imply that Hacking Exposed is not a great book, but rather that computer security cannot be learned entirely from such a short book. A complete catalog of all known security holes would take much more than the 484 pages in this book. Becoming an expert in computer security would mean spending lots of time practicing with netcat and other utilities, and checking various web sites for the latest information. Until someone publishes an interactive computer security course on CD-ROM, however, Hacking Exposed will provide one of the better introductions to the basics.