Hacker's Challenge 3 (Hacking Exposed) | 
 enlarge | Authors: David Pollino, Bill Pennington, Tony Bradley, Himanshu Dwivedi
Publisher: McGraw-Hill Osborne Media
Category: Book
List Price: $49.99
Buy New: $26.32
You Save: $23.67 (47%)
New (19) Used (11) from $24.29
Avg. Customer Rating:  9 reviews
Sales Rank: 515897
Media: Paperback
Edition: 3
Number Of Items: 1
Pages: 400
Shipping Weight (lbs): 1.5
Dimensions (in): 9.1 x 7.4 x 1
ISBN: 0072263040
Dewey Decimal Number: 005.8
EAN: 9780072263046
ASIN: 0072263040
Publication Date: April 25, 2006
Availability: Usually ships in 1-2 business days
Shipping: International shipping available
Condition: Brand New, Perfect Condition, Please allow 4-14 business days for delivery. 100% Money Back Guarantee, Over 1,000,000 customers served.
|
| Similar Items:
|
| Editorial Reviews:
Product Description
The stories about phishing attacks against banks are so true-to-life, it’s chilling.” --Joel Dubin, CISSP, Microsoft MVP in Security Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker’s Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you’ll get a detailed analysis of how the experts solved each incident.
|
| Customer Reviews: Read 4 more reviews...
 OK, but not what I expected from the HC series May 1, 2008
The stories were entertaining but they lacked the detail I had been looking for. It would be a great book for non-technical managers to read so they know their techs are just over-bearing security freaks.
I also feel that several of the investigations were flawed in how they were conducted. It is possible that the book is just being faithful to the 'real' story, but it would have been good to see comments on what could have been done better at the end of each one.
If you are looking for a broad picture of the types of attacks you might face and some procedures for what to do during or after an attack the book can be a helpful starting point (wake up call for some).
 Everything needed for readers to test their skills October 14, 2006
HACKER'S CHALLENGE 3: 20 BRAND-NEW FORENSIC SCENARIOS AND SOLUTIONS comes from too-tier security experts who offer 20 new real-world network security incidents to allow readers to test computer forensics skills and responses. From phishing and internal corporate hacking to wireless and Linux hacks, each challenge includes an in-depth explanation of the incident, how it was detected, and provides technical logs and network maps: everything needed for readers to test their skills at solving the incident. And yes, detailed analysis of successful results appear at the end.
Diane C. Donovan
California Bookwatch
 Still entertaining, still educational August 21, 2006
6 out of 9 found this review helpful
I read and reviewed HC1 in Nov 01, and HC2 in Jan 03. Now in Aug 06, I'm happy to be reading Hacker's Challenge 3 (HC3). Like its predecessors, HC3 is the sort of book that needs to be used when interviewing new hires or promoting technical staff. If the candidate has read the book and knows the answers to the challenges, she at least demonstrates her commitment to learning, as well as an ability to remember what she reads. If she can solve the challenges without having read the book, she shows a higher level of skill. If she has no clue how to respond to the challenges, you can move on to the next candidate.
The 20 challenges cover the following: phishing, DNS cache poisoning, Web app hacking (multiple), anonymous FTP abuse, wireless misconfigurations and abuse, social engineering, disgruntled soon-to-be-ex-employees, malware, password reuse, p2p abuse, router exploitation, XSS, and an iSCSI compromise. The last of these was my favorite because I have not seen this in the field yet. Almost all of the other exploits will seem familiar to anyone performing security consulting.
I believe all of the HC books are wonderful learning and discussion tools for junior security analysts. I would caution them to not accept the "approved solutions" as the proper way to conduct incident response and forensics, however. In 4 or perhaps 5 of the 20 cases, the IR process commenced with direct examination of suspected systems. In other words, admins or security folks jumped right onto possibly compromised hosts and began searching for clues of intrusion.
This is not the proper way to perform IR, yet I saw it demonstrated in Chs 4, 6, 9, and 12. Ch 12, p 119 was especially disappointing -- "the obvious place to begin the investigation is the Oracle server." Wrong -- unless you want to contaminate evidence, tip off the intruder, or introduce other problems into the security equation.
One of Anton Chuvakin's cases demonstrated a better way to approach the IR problem -- look for application logs, firewall records, and network traces first. Avoid touching suspected victims until there is no other option, and then do so carefully.
I do not intend to say through my comments that this process was universally ignored in HC3. Several times proper host-based IR procedures are followed, when using forensic live CDs or obtaining hard drive images. However, please keep my comments in mind while reading HC3. Since the book claims to be based on real events, it's possible the authors are retelling flawed investigations by their customers!
Overall, I definitely recommend reading HC3 if you are new to security or if you need to quiz your newer employees. The book is technically sound (except for a mention of Windows 2002 on p 265) and entertaining. Kudos for the HC3 team for sharing their creative ideas with us.
Reads like a suspense novel! June 18, 2006
2 out of 2 found this review helpful
One of the best ways to teach is via the use of examples. This book is chock full of real world forensic scenarios along with their solutions. As the author of a forensics book myself, I understand and appreciate the hard work that these four brilliant individuals have put into this excellent text. We need to see more books like this in the future!
A Digest of the New World of Hack Attacks June 4, 2006
6 out of 6 found this review helpful
What struck me about this book is that the attacks are all brand new. This isn't just a rehash of the same old attacks we read about over and over again, nor is it a rehash of the attacks - but on steroids - from the previous Hacker's Challenge books. The day of the simple port scan and null session enumeration are long gone. Today's world is much more complicated and scarier. Hacker's Challenge 3 proves it.
And these aren't off-the-wall attacks cooked up in hidden computer labs by researchers. They're the type of threats now, unfortunately, becoming more commonplace to any one in information security.
The chapters on phishing are real-life and could've been taken right out of the playbook of an actual attack perpetrated against a real bank. The steps for investigating, tracking down and bringing down malicious phishing sites closely follow those actually taken by information security professionals on the job.
Another attack presented is pharming, a new and frightening type of DNS poisoning that threatens financial and e-commerce web sites. The description of the attacks is very accurate. It's almost as if you were working with the team trying to block the attack.
Hacker's Challenge 3 is written by a star-studded cast of well-known industry players, each a top notch expert in their specialty in the field.
For each attack, this book provides a complete set of steps for detection, resolution, prevention and evasion of future attacks. There are detailed examples of the forensics examination used to track down both the attack and its offending attackers, including samples of analyzed logs and data that would be used by an actual threat and incident management team in action on a case.
Each chapter has a series of questions that add to the material and provide thought-provoking points for further discussion.
This is a digest of the new world of Twenty-First Century attacks that should be read by every information security professional.
|
|
|
