Review : Hands-On Ethical Hacking & Network Defense

<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Aug 03, 2009 3:51 pm

Review : Hands-On Ethical Hacking & Network Defense

This is my first book review for Hands-On Ethical Hacking Attack & Network Defense by Michael T. Simpson. I've never really done a book review before, so I was thinking I'd give a chapter listing of the book, and maybe go through a chapter-by-chapter analysis of the book. I'm writing this review just as feedback from a student who had to use the book for an Ethical Hacking class I took during a summer session at college. I believe Sam Bowne (Who Has Spoken At Defcon) teaches his class with the same book.

The chapter layout of this book consisted of 13 chapters:
Chapter 1 : Ethical Hacking Overview
Chapter 2 : TCP / IP Review
Chapter 3 : Network & Computer Attacks
Chapter 4 : Footprinting and Social Engineering
Chapter 5 : Port Scanning
Chapter 6 : Enumeration
Chapter 7 : Programming for Security Professionals
Chapter 8 : Microsoft Operating System Vulnerabilities
Chapter 9 : Linux Operating System Vulnerabilities
Chapter 10 : Hacking Web Servers
Chapter 11 : Hacking Wireless Networks
Chapter 12 : Cryptography
Chapter 13 : Protecting Networks with Security Devices

Chapter 1 I thought the author did very well in giving an introduction into the field of Penetration Testing. He gave a good view of what Ethical Hacking's all about. Talked about penetration testing methodologies, certifications one should opt for if trying to get into the field, went over how a Pen Tester should define the scope (Rules of Engagement) & included various Federal Laws one should take into mind before considering this path. After reading chapter 1 I felt he had done a pretty good job introducing the user to the field.

Chapter 2 the author ended up covering binary, hexadecimal & the octal numbering systems - along with IP Addressing schemes, TCP Flags, ISN, ports & talked about 4 layers (which as he mentioned, were the Internet, Application, Network & Transport layers). He also introduced the 3-way handshake which is always useful to know about. I felt he did a fair job on this chapter, except he had the SYN flag as Synthesis instead of Synchronize, so it left me with a feeling like, "I thought it was Synchronize, not Synthesis?". Writers are human also; I was just really surprised he didn't catch that.

Chapter 3 was called Network & Computer Attacks, & it basically was written to let the reader muster : "This is what a trojan is" , "This is what adware is", "This is what a DDoS Attack is", "Keylogger, Buffer overflow, etc". Ultimately at the end of this chapter, I was left with a feeling like, "Why didn't the author go more in depth about Buffer Overflows? These are one of the largest attack vectors of today!"

Chapter 4 was a short and quick introduction to social engineering & reconnaissance. Common tools and techniques were introduced like Paros Proxy, the dig & host commands, banner grabbing, DNS Zone Transfers, etc but the author kept it pretty basic in introducing the functionality of all of these. I thought this chapter was sort of lame because I was expecting him to mention how search engines play a role in gathering intel, along with sites like 411, social networking sites, etc. He did introduce basic skills like Piggybacking, dumpster diving, shoulder surfing but what I was looking for was more of a, "Can you give a good example you've used that've actually worked?"

Chapter 5 was about port scanning, and it honestly wouldn't have been about port scanning if the author didn't mention nmap. In this chapter, the author talked about tools like nmap (and provided in detail what goes on to get the results of SYN Scans, FIN Scans, XMAS Scans, Etc), Hping & Fping, Nessus, Unicornscan & covered some quick bash scripting on how to look for live hosts on the network. Overall, this was a pretty good chapter, I was happy he didn't mention a crappy port scanner I hadn't heard about.

Chapter 6 was all about enumeration. The author introduced some basic enumeration tools like NBTScan, nbtstat, DumpSec, Hyena & finger (oh yeah!). He also talked a little bit about null sessions and gave examples on how an attacker could access shares on a network. I was displeased because he failed to mention service enumeration with nmap in this chapter, along with the VRFY, etc commands you could run on alternate ports to check if certain users exist. I was in a way displeased at this chapter cause I felt he left out some good information.

Chapter 7 was entitled Programming For Security Professionals. Being interested in programming I was looking forward to this chapter. In this chapter, Michael just ended up talking about basic programming syntax of Perl, C & HTML. I was also displeased at this chapter simply because it left you feeling like, "He didn't talk about python, or bash? Why do Ethical Hackers choose C & Perl?". The chapter kind of leaves you hanging, it's like he was talking about going from Enumeration then he turns into an introduction to C, Perl & HTML teacher & doesn't even talk about hacking in this chapter.

Chapter 8 was all about Microsoft Operating System Vulnerabilities. He talked about tools you could run on your own computer to check for vulns like, Microsoft Baseline Security Analyzer, HFNetChk. He also talked a little bit about NetBIOS, RPC, SMB, Samba, CIFS, patching, Passwords and Authentication. What I didn't like about this chapter was that the author re-went over Null Sessions again & randomly put in a whole write up on, "Passwords and Authentication" as if it's based directly on the Windows OS Vulnerabilities. Surely it relates, but I felt his idea of enforcing strong password policies should be put into place over a global scale of operating systems. I don't see how relevant it was to stick Passwords & Authentication into this chapter specifically, it just sort've seemed out of place. A positive about this chapter though was he did introduce the reader to SQL Server Agent, Extended Stored Procs & The SA Account.

Chapter 9 was entitled Linux Operating System Vulnerabilities and as enticing as it sounds, the author really failed to deliver in this chapter. The only thing I found useful and learned in this chapter was he talked about the Linux Directory Structure. He introduced basic shell commands, but this chapter was so lamely put together overall that he ended up repeating Footprinting in this chapter and social engineering in a section he called, "Using Social Engineering to Attack Remote Systems". What I found really lame about this chapter was that he failed to mention what the bad guys are after: /etc/shadow. He also failed to mention privilege escalation & randomly threw in an introduction to Packet sniffers in this chapter, as if packet sniffers don't work with Windows. I honestly don't think the guy had enough information in this chapter to call it a "Linux Operating Systems Vulnerabilities" chapter. He re-covered buffer overflows in a more in-depth approach, but failed to mention how the shellcode between OS's differs (I don't do exploit development but I'm thinking it does).

Chapter 10 was titled Hacking Web Servers. In this chapter he gave a brief introduction to ASP, CGI, PHP, JavaScript, VBScript, ColdFusion & databases. In fact a couple of the exercises in the chapter were to create a webpage using ASP. Databases were introduced in this chapter along with a rather weak introduction to SQL Injection, which is widely used today by attackers to penetrate databases. A mere paragraph was written for "Application Vulnerabilities and Countermeasures" for attacks like, Command Injection Flaws, XSS, Broken Account & Session Management, Broken Access Control, Etc. I was pretty surprised he didn't have anything solid to explain Cross Site Scripting at all. A positive about this chapter is that he mentioned the OWASP Project and 1 of the exercises was getting WebGoat up and running.

Chapter 11 was about Hacking Wireless Networks. Of course to be able to break into Wireless Networks you should know a few things about them. In this chapter, the author went through a brief overview of the 802.11 Standard, Wireless Technologies, Authentication Schemes (Like EAP, PPP) & talked about WPA & WEP. He also gave a brief introduction of NetStumbler, Kismet, WEPCrack & Airsnort. I thought he did a pretty good job teaching about a lot of the wireless concepts but didn't do a good job explaining the attack process. He failed to mention all the different types of attacks you could perform when attempting to break WEP & offered somewhat weak countermeasures to help defend against wireless attacks. One was : "If you use WEP, consider using 104-bit encryption rather than 40-bit encryption. If possible, replace WEP with WPA...". How about not use WEP at all? In today's world we live in a 128 Bit WEP Key can be cracked in under 5 minutes with ease. He also failed to mention it's useful to keep router firmware upgraded, what information is sent over in clear text that can be grabbed if connected to a rogue access point. To me, it would've been a good place to throw packet sniffers in this section, because although they don't relate to wireless hacking in particular, it's typical people run sniffers on their laptops to receive user credentials (Especially these days).

Chapter 12 was all about Cryptography & was a positive chapter. Of course the history of cryptography along with plaintext, ciphertext, symmetric, asymmetric algorithms were discussed. It also talked about authenticity, nonrepudiation & a whole lot more that you'd expect to see on a Security+ exam. This chapter had a lot of information in it and it's probably one I need to go back to since it's crammed with a lot. The author knew what he was talking about in this one by far. There were also some activities in this chapter like using Hotmail & PGP, creating your own Cipher Key & a couple more. Simpson (The author) also introduced password cracking & introduced tools like John the Ripper, Hydra, L0phtcrack & pwdump.

Lastly (if you actually have read through all of it I bet you're going, "Finally!"), chapter 13 was called Protecting Networks with Security Devices. This chapter managed to cover Cisco router configurations as well as some command line in dealing with these, Access Control Lists, Network Address Translation (NAT), Stateful Packet Inspection (SPI), Firewalls, Packet Filtering, DMZ's, Microsoft's ISA Server, Network IDS's & Host-Based IDS's & honeypots (It failed to talk about honeynets though). This chapter was pretty decent & the activities consisted of examining an open-source honeypot to creating standard and extended IP Access Lists.

In conclusion the book was decent. I was amazed that the author didn't cover how to use the tools too much; he sort've just mentioned them and left a reference for the reader to go off and study it on their own time. The last chapter ends on page 345 and it's a 460+ page book, towards the back it's filled with useful reference material like Penetration Testing Documentation, Sample Report, Etc. Overall, being familiar with Back Track & the book coming with a linux distro that was pretty lame. I guess I should take into account that the book is a few years old, but overall it was decent. I'd recommend it possibly to beginners if they have the money. I've heard positive things about Counter Hack Reloaded, maybe you'd get a bit more out of reading that. This book has its positives and negatives. I've mentioned a few of its negatives but a good positive about it, is that it offers activities for you to do step by step so you could pick up & retain the information you read. I think that's probably why teachers teach it. I hope my review was somewhat helpful, thanks for reading.

-Kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Aug 04, 2009 12:51 am

Re: Review : Hands-On Ethical Hacking & Network Defense

Good review, Kris. I think it contains everything someone needs to know if they are considering buying it.

The price is quite expensive though.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Aug 04, 2009 1:51 pm

Re: Review : Hands-On Ethical Hacking & Network Defense

Wow!  That is expensive!  Oh, great review.
~~~~~~~~~~~~~~
Ketchup
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Aug 04, 2009 4:26 pm

Re: Review : Hands-On Ethical Hacking & Network Defense

This was also published back in 2005. How does it hold up?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Jhaddix

Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Tue Aug 04, 2009 8:09 pm

Re: Review : Hands-On Ethical Hacking & Network Defense

Really good book review, Kris. Although I don't like the book, your review and breakdown is very good.

I own a couple revisions of this book. It was my first CEH class I had ever taken, and the book was so bad my study buddy never came back to pick his up. Even when it was new it was old :(

In my opinion it is an 'ok' theory book but lacks the real meat of ethical hacking. It is also very dated as mentioned. You will get no mention of metasploit, Core, Amap, Backtrack (if I remember it is still on auditor, whax, or KnoppixSTD), WPA/2 attacks, Rainbow Tables, hydra, maltego, any web scanners, etc.

Sam does use it in his courses but only because he has to present a textbook to justify the classes he teaches. He uses his own lecture and labs for his classes.

I'd save your money and buy one of the Hacking Exposed newer editions, Hacking: the art of exploitation, or The Shellcoder's handbook.

or save your money and take Offsec 101 :P

just my 2cents though...
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Aug 05, 2009 12:10 am

Re: Review : Hands-On Ethical Hacking & Network Defense

I 100% agree with Jhaddix. I appreciate the feedback on the review, it took me a couple hours to write up in my text editor then paste it onto the forum. If I remember he had mentioned Hydra but didn't go into detail at all. By far in today's InfoSec society this book would seem somewhat of an epic fail, but it introduces the reader fairly - just misses out on a lot of tools used in today's Pen Tests. I wouldn't exactly recommend the book for anyone buying it, I just honestly think it's taught in classrooms today because the activities in the book make for an easy 'Teacher assigns activity for grade' type of thing instead of a, 'Teacher comes up with Ethical Hacking activities for students to do', off the top of his head type thing.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Aug 05, 2009 12:54 pm

Re: Review : Hands-On Ethical Hacking & Network Defense

Jhaddix wrote:
or save your money and take Offsec 101 :P



Jhaddix,

What would you suggest someone know before taking Pentesting with Backtrack (current name for Offsec 101)?

(I have a background in Linux administration (don't script enough), Network Design and Maintenance (former CCNA) and some firewall work).
OSWP, Sec+
<<

Jhaddix

Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Wed Aug 05, 2009 8:15 pm

Re: Review : Hands-On Ethical Hacking & Network Defense

I'd recommend:

The Art of Exploitation

and

Penetration Tester's Open Source Toolkit: 2

=)

Art is for theory and PTOST is for hands on testing examples.
<<

Laz3r

Post Thu Aug 06, 2009 12:47 am

Re: Review : Hands-On Ethical Hacking & Network Defense

I'll second Art of Exploitation.  The subject matter is a bit beyond me, but it's written well enough that even I understand what the author is talking about.... occasionally.  I recently picked up Hacking Exposed 6.  Though I just cracked the cover, I'm liking it a lot so far.

And Kris, very well written article  ;)
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Aug 06, 2009 12:13 pm

Re: Review : Hands-On Ethical Hacking & Network Defense

Is this what you're talking about when you said Art of Exploitation? http://www.amazon.com/Hacking-Art-Explo ... 911&sr=8-1

*edit 2x trying to get the url to work before I gave up.
Last edited by rattis on Thu Aug 06, 2009 12:15 pm, edited 1 time in total.
OSWP, Sec+
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Aug 06, 2009 12:17 pm

Re: Review : Hands-On Ethical Hacking & Network Defense

Check out Ryan Linn's review:

Hacking: The Art of Exploitation 2nd Edition
http://www.ethicalhacker.net/content/view/224/2/

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Sortel

Newbie

Posts: 1

Joined: Thu Mar 24, 2011 4:43 am

Post Thu Mar 24, 2011 4:51 am

Re: Review : Hands-On Ethical Hacking & Network Defense

Thanks for the review.
I was just given the book to review for a class next semester, of course in the middle of a semester so it's sitting on the edge of my desk being mostly unread. I did hit Amazon and noticed the book is a bit pricey and I'm pretty sure the college bookstore is going to jack the price up even higher.
