Hack Attacks Revealed
by John Chirillo
John Wiley & Sons. 2001.
944 pages. Index, seven appendices including glossary, references, CD-ROM. $59.99
Softcover. ISBN 0-471-41624-X.
and
Hack Attacks Denied
by John Chirillo
John Wiley & Sons. 2001.
491 pages. Index, three appendices, glossary, references, CD-ROM. $54.99. Softcover.
ISBN 0-471-41625-8.
Reviewed by Robert Bruen September 12, 2001
When I first read through these two books, I was at a bit of a loss to
figure out why hackers were mentioned at all. The information presented
here is how networks work, how ports work, how to do systems
administration, in short, a pretty complete set of the technical things
one needs to know to really understand how it all works. Then it dawned on
me, that is what hackers need to know and what many systems people do not
know. Many of the great secrets are secrets because they are not known,
not because they are hidden. What is needed is a terrific, single source,
like this Hack Attack set. It is as good as any textbook I have seen when
it comes to describing the practical side of networking. The Revealed
volume gives one of the best explanations of an IP address at the bit
level, which includes how masks work. Ethernet is presented in easy-to-
understand charts that cover the older and newer flavors (read thick wire
through 100Mb), along with descriptions of frames for all sorts of useful
protocols, without going deeper than necessary. It is a comprehensive
quick-start.
The next large section in Revealed is the Hacker Coding Fundamentals,
actually a brief introduction to C, which I would not recommend as a
method to learn C. Its value is the code that follows it. If you already
know another language well and do not know C, it is helpful as you read
the hacking code to be able to refer back to the introduction to C. The
hacking code has examples of flooding using echo and ping, tunneling and
keystroke logging (let's hope this does not violate national security).
The Denied volume puts on the white hat to help in the struggle against the
Revealed volume. There is some natural overlap, but the tools presented
range from intrusion detection, both commercial and homegrown, through
policy making to help in protecting your network. The log file examples
are a little excessive at times, but the code examples are interesting and
useful, such as the source code for scanning your own ports.
The CDs included contain lots of code, some of it old, some almost recent,
but the age should not matter if you are merely trying to learn about it.
Much of the software is not on the CD, but instead there is a large list
of links to the places where the code resides.
There are lots of pages in these two books, some of them detailed, but worth
the effort to get through it all. I recommend this set because it covers a
broad range of technical material which any systems or network
administrator ought to know. It also has real code that could be used, for
example, to port scan or ping flood, which I believe is necessary for
admins to know. Dealing with attacks requires an understanding of how they
are done, especially since it is an ongoing process. It is not enough to
know about a particular attack or vulnerability, because new ones are
being created almost daily. What is important is to understand the
underlying principles that will be utilized for attack and defense. A
grasp of the foundations makes it a bit easier to notice and respond to
novel attacks.