About.com Rating

The Bottom Line

I always thought of computer security as a necessary but boring subject but the authors of this book have managed to make it both informative and entertaining. If you are a security specialist looking to take the "hacker's Challenge" and test how much you know or if you are just someone wanting to learn more about some of the latest security threats then this book will provide you with many hours of interesting reading and investigating.




Pros

• Real World situations described in an entertaining way
• Variety of different types of attack are covered
• Ratings both on how hard it is to both carry out the attack and to defend against it
• Challenges experienced security staff while also educating those less experienced

Cons

• Some technical terms that may not be familiar to security novices
• Solutions don't directly follow the challenges making their use as tutorials less convenient

Description

• First Edition: Copyright 2006
• 370 page paperback
• Published by Osborne / McGraw Hill
• ISBN 0-07-226304-0
• Authors David Pollino, Bill Pennington, Tony Bradley and Himanshu Dwivedi

Guide Review - Hacker's Challenge 3

This is a book that can serve two different purposes. For the security expert the book provides 20 real world security issues along with the appropriate logs and challenges them to work out what type of attack is being performed, how it is being performed, and what needs to be done to fix it and prevent it happening again. For those with an interest in security but who are not experts the book provides an entertaining series of tutorials that introduce several types of security breach, what they are, how to detect them, and what to do to stop them or at leasdt mitigate the effects.

The 'challenges' that are described in the book cover a range of different methods that have been used to breach the security of various computer networks. Each challenge provides a all of the essential pieces of information that would be available to be examined by security experts dealing with the problem (trimmed of much of the irrelevant logs). Sufficient information is actually provided to enable someone with a sufficient knowledge of security to work out both what type of attack has taken place and how the attack was done. They should then have no trouble in answering the series of questions about the particular attack that appear at the end of each challenge before turning to the solutions section to check their answers.

The challenges also provide excellent tutorials for novice security staff to find out how to extract and interpret information in order to determine what has happened.