UKUUG home


(the UK's Unix & Open Systems User Group)












Security Power Tools

B Burns
Published by O'Reilly Media
856 pages
£ 37.50
Published: September 2007
Reviewed by Mike Smith in the December 2007 issue

I could have sworn this was an old book, and was just expecting a revised edition, but it turns out that it is in fact a first edition dated August 2007. This massive text (over 800 pages) is divided into seven sections. There are a whole host of authors; all but two are employees of Juniper Networks (and a good proportion of those from Netscreen through its acquisition by Juniper).

With so much material I haven't had the opportunity to scrutinise the book in detail. I suspect it's quite disjointed with so many authors, but with the separate sections perhaps that wouldn't matter. Those sections are: Legal and Ethics, Reconnaissance, Penetration, Control, Defence, Monitoring and Discovery.

There is a Black Hat element in some areas -- the section on Penetration describes how to use Metasploit and several wireless penetration tools (old and new). The Control section describes how to install and use backdoors -- old ones again like Bo2k (though apparently still maintained) and rootkits.

In contrast other chapters describe defence technologies including firewalls and host hardening. It's a mixed bag with other chapters on ssh, various email related tools (e.g. ClamAV and SpamAssassin).

The thing that draws all of this together, as one might expect from the "Power Tools" title, is that there's a thread of using tools throughout. So in Monitoring the tools include tcpdump, pcap, Wireshark and Tripwire.

I hadn't heard the term fuzzing (maybe I'm out of touch) which is feeding garbage to a program to cause a crash or buffer overflow. This is covered in the section on forensics (oddly, in my opinion).

Anyway, loads of stuff is covered, and an interesting mash of security related topics and tools. It has introduced me to some programs I hadn't come across previously (too many other things going on) such as AirDefence and AirMagnet. Other elements are a little more advanced ... writing shellcode for instance.

I think with more time this book will prove useful as an all-round introduction to a myriad of security related tools and this brief review probably hasn't done it justice. Well worth a read at least for most.


Page last modified 29 Jan 2008
Copyright © 1995-2011 UKUUG Ltd.