Book Review - Hacking Exposed (5th Edition)
So much for the days of trusting everyone on-line to use software in the way that it was intended. Now the stakes are much higher, and attacking systems can be a profitable activity for those so inclined. To protect yourself, you need to understand the wide range of vulnerabilities. Reading Hacking Exposed (5th Edition) by Stuart McClure, Joel Scambray, and George Kurtz goes a long way towards getting you prepared.
Part 1 - Casing the Establishment: Footprinting; Scanning; Enumeration
Part 2 - System Hacking: Hacking Windows; Hacking Unix; Remote Connectivity and VoIP Hacking
Part 3 - Network Hacking: Network Drives; Wireless Hacking; Firewalls; Denial of Service Attacks
Part 4 - Software Hacking: Hacking Code; Web Hacking; Hacking the Internet User
Part 5 - Appendixes: Ports; Top 14 Security Vulnerabilities
Hacking Exposed follows a consistent format in covering areas subject to misuse and attack. They name the type of attack or information gathering technique and give it a risk rating based on popularity, simplicity, and impact. Following an explanation of the particular area, they follow up with a countermeasure section to help the reader understand how this type of attack or exploit can be mitigated. That format scores high on my practicality scale because you can immediately make changes to secure your environment. It's not as if they just spell out the doom and gloom and leave you to fend for yourself.
Another aspect of the book I like is the wide range of hacking covered. Admittedly, a number of these areas (such as hacking Unix or Windows) could easily be made into a whole separate book (and in most cases, they *have* been). But I really don't want to have to buy a dozen books to gain a broad overview of my potential exposure. I want to cover everything at a reasonable level of detail to understand the overall subject. Then if I have the need to get into more detail (like if I need to focus on firewalls), I at least have a framework on which to dive deeper into the subject matter. Hacking Exposed gives me that "reasonable level", and it's greatly appreciated.
Does this book cover every single hack or vulnerability out there? No, and no book (or web site or anything else) ever could. New attacks are discovered and exploited every day. But this gives you a very good knowledge base on which to understand current and future problems. It's a book I'd recommend highly to anyone who needs to understand security. And that should be everyone...