There are three books in a series about network security and hacking that I decided to review:
- Stealing the Network : How to own the Box
- Stealing the Network: How to own a Continent
- Stealing the Network: How to own an Identity
From the title, you get an idea of the subject — and from the subtitle, you can get a an even better peak into what they’re about. I didn’t bother to mention the authors, because they are all done by a pool of writers, often with more than one technical editor. These combination books tend to be more thorough, because they had many experts working on them — but often not quite as clean in tone (feeling more fragmented). Fortunately, these books worked quite well in this format, chapters are often about different stories and people — so any fragmentation or stylistic differences is less bothersome, or even unnoticeable.
I’m not a hard reviewer in that if a book can give me information, then it is usually worth the price. These books had a lot of information in them. But as a reviewer, I’m supposed to pick nits, and find things I didn’t like. The easy “nit” on the series is that they’re written in a very casual tone, but on very technical subjects — without a lot of details on the background jargon. If you’re new to the topic, you’ll need to google or wikipedia a lot of the terms and tools that are flying by in each story, just to really get what’s going on. But you could scan and ignore the terms, and they are still readable, and definitely worth reading. Let me go into each book a little more to give you a feel for the series.
StN : How to own the Box
Syngress Press – $49.95
As you might expect, this book isn’t about a lot of pretty pictures and diagrams; it is about the content and text. But it isn’t as nerdy as one might think; it isn’t just a bunch of shell scripts and debugger code to let script kiddies get “root” or admin access to a machine. The 300 page book is setup more as a series of short stories that come across as bragging about exploits, but also meant to teach people about different ways that hackers got “ownership” of a machine and its data. As such, it is easy to read, and if you’re paying attention, there’s a lot of “how not to” in there, as well as “how to”. Hopefully, there’s a lot more readers with the intent towards the former than the latter.
Now don’t think that because it is just stories that it isn’t technical ; there are diagrams, examples, shell snippets, and they use jargon and tool names under the assumption that you already know about them. If you’re not a high priest of the technoratti you’ll be able to scan and get the gist (and be forced to)– but it can be like listening to two Sys-admins talking, or in this case, a hacker bragging about how he did what he did.
The contents won’t give you a great insight into the stories, you’ll have to read them for that, but they do give you a feel for tone and maybe some topics covered:
*Hide and sneak
*Worms and turns
*Just another day at the office
*Adventures in networkland
*The theif no one saw
*Flying the friendly skies
*The art of tracking
*The laws of security
The final chapter is the most significant. It reminds you that these stories are “fictional”. Which means they are made up of many true stories or rumored exploits, or put together many fragments of true stories into one whole tale; but all are technically viable. Then it goes on to explain the lessons that should be learned from each of those tales, and how to avoid becoming roadkill on the information super-highway.
StN : How to own a Continent
Syngress Press – $49.95
“How to own the box” was about hacking into a computer or getting the information out of it, and thus a corporation, that you wanted. “How to own a Continent” is bigger; this is about how systematic hacking by groups could do malice to the infrastructure of a whole country, or more. Hey, Hackers can do computerized social networking as well or better than businessmen and lonely people looking for dates — and this is a story (set of stories) about what can happen when they pool their resources.
The chapters are:
*The Lagos Creeper Box
*Product of Fate : evolution of a hacker
*A real gullible genius
*For Whom Ma Bell Tolls
*Return on Investment
*The Big Picture
*The Story of Dex
*Automatic Terror Machine
*Get out Quick
*The making of STC
The books first chapter explains that “no one is paranoid enough”, and that knowing they are out to get you is liberating because now you know you must have a response plan. That kind of sums up the mentality all security people should have.
This book is more fictional than the first, in that it is more of a interwoven story and all that. It is also less applicable to the ordinary IT person. But it is sort of the nerd version of a Tom Clancy novel.
StN : How to own an Identity
Syngress Press – $49.95
By now, you should be getting the genre. The back cover of this book kind of gives you the scary summary of what this book is about.
Identity is a precious commodity… In Centuries past, those who fancied themselves sorcerers believed that if you knew a being’s true name, you could control that being… Only recently has this become true in the modern world. The people have granted control of their existence to computers, networks and databases. You own property, if a computer says you do. You have money in the bank, if a computer says you do. Your blood type is what the computer says it is. You are who the computer says you are.
That paragraph explains what the book is about. A 300 or so page story, detailing the exploits of the hackers to use their skills to evade capture and disappear. But the techniques they play with to evade capture and mask where they are, or become someone else, can be used to mess with your identity as well.
The chapters are:
*In the beginning
*Sins of the father
*Saul on the run
*The Seventh Wave
*The Java Script Cafe
*Death by a thousand cuts
*A really gullible genius makes ammends
*There’s something else
*Epilogue: The Chase
If you really want a “how to” of network security; these books aren’t them. I’d recommend something more like Hacker Proof, by Kris Jamsa, or even Hack Proofing your network, by Riley Eller (one of the contributing authors to this series). But you will still get a lot out of these books, even if it is just reinforcing what you should already know. And this is still a very interesting series, and a unique genre. It isn’t fiction, and it isn’t a tutorial. It is too littered with jargon and technobabble to be an easy read for newbies, but senior technical people know quite a bit of this stuff. If you’re in and around the biz, then it is easier to follow, and has many cautionary insights. So the technobabble is what the book is about — it is the details that supports the stories and reminds you of how they could be true, that gives them the validity to make it a truly interesting read — and something as far away from Hollywood tales about the same topic as we are from the Dumbbell Nebula (M27).
The series offers insights into the hacker mind, and the stories are told from such a personal and first person perspective that it makes it easier to follow than it should be. Making it is sort of a nerdy version of grim fairy-tales, each tale with a little moral lesson. The books are expensive, but not getting the lessons that each tries to teach could be far more expensive. In the end, I really liked the books, and would recommend it for anyone who manages IT projects, or is thinking about going into network security or IT in general. Or even those just interested in understanding the details of what the IT people should be thinking about. So while they may be a little heavy for “normals”, it’s not unmanageable and probably a good idea to slog through it and still get the basics.
So get the first book, see if you can follow it enough to justify getting the other two books.