[This was originally published on Enterprise Zone and mirrored on attrition.org.]
Hack Attacks Denied
Complete Guide to Network LockDown
0471416258, 512 pages, Wiley
Common Security Practices in Uncommonly Tedious Text
Despite more than 400 pages of source code and security defense examples, this book’s valuable content could easily be condensed into a single article sidebar.
A book that explains how to create a secure computer system should not rely on or refer to other books about hacking. Yet John Chirillo’s Hack Attacks Denied: Complete Guide to Network LockDown makes an excessive number of references to its counterpart, Chirillo’s previous book, Hack Attacks Revealed: A Complete Reference with Custom Security Hacking Toolkit. He almost begs the reader to purchase it if he or she hasn’t already. In fact, he goes so far as to imply that the reader will not have the proper foundation without first reading Hack Attacks Revealed.
With his previous book Chirillo attempted to outline the gory details of hacking but managed to provide only a solid technical foundation at the beginning of an otherwise forgettable book (see my review, Hack Attacks Revealed-Partially). Unfortunately, Hack Attacks Denied fails to provide even a solid technical foundation. Instead, Chirillo offers a collection of rudimentary security practices with the apparent hope that readers of his previous book will use them to foil the vague attack methods he outlined in it.
Much like Hack Attacks Revealed, Hack Attacks Denied includes page after page of worthless source code, which is included in digital format on the accompanying CD-ROM. Without explanation or a comprehensive breakdown of what it is or does, the source code amounts to filler that most savvy readers will ignore.
Trouble From the Start
The archetypal example of this book’s shortcomings occurs in the first 100 pages. Chirillo extols his own “Tigerinspect” port scanner as a good utility for “home, corporate, and/or private Windows users” who wish to scan a machine for open ports. After suggesting that NMAP (“Network Mapper”), an open source utility that’s become the de facto port scanner for security professionals, is inadequate, Chirillo subjects the reader to twenty pages of source code for “Tigerinspect.” Worse still, he tells the reader that his scanner will not identify common ports such as FTP (File Transfer Protocol). To suggest that Tigerinspect is a reasonable alternative to any other scanner when it lacks this basic functionality is absurd.
The book goes on to suggest that if the reader wants to add that basic functionality to his or her scanner, “you can add it at your leisure” by adding three additional lines of code, per port. Chirillo’s friendly “Tiger note” then reminds readers that not only must they add three lines of code per port, they must add those three lines per port in five different places. As both of his books state, there are more than 65,000 ports, giving the reader the option of adding some 975,000 lines of code to his 1,100-line program. Thanks, but no thanks.
In a Nutshell, Don’t Bother
Later in the book, Chirillo lists a slew of examples of attacks one might find, many of which were outlined in his previous book. A significant portion of the security recommendations, the foundation of the book, can be summed up with “upgrade your software.” Rather than over 400 pages of source code and vague examples of inadequate security defenses, this book’s valuable content could easily be condensed into a sidebar titled “Common Security Practices.”