Getting Inside The Criminal Mind - InformationWeek

Getting Inside The Criminal Mind

Learn to think like a computer hacker, and maybe you'll be better prepared to defend against them. Maybe. Jason Levitt looks at two books that purport to describe the art of hacking.

To learn about computer security, you can take courses at the System Administration, Networking, and Security Institute. But to learn to become a rogue computer hacker, living by your own rules and striking terror into the heart of the global industrial computer complex, you need to buy a book.

Over the last five years, a number of books have been released that purport to teach the tools and techniques of computer hackers--Halting the Hacker (Prentice-Hall, 1996) by Pipkin, and Hacker Proof (Jamsa Press, 1997) by Klander and Renehan, to name two--but the quality has recently improved.

In particular, two books have crossed my desk that have either Hack or Hacker in the title or subtitle (a prerequisite, I suppose) and each has merits. Hacking Exposed, Second Edition (McGraw-Hill, 2001), by Joel Scambray, Stuart McClure, and George Kurtz, and Maximum Security, Third Edition (Sams, 2001), by anonymous, are 700- and 860-page volumes, respectively, stuffed with tips, techniques, and tools allegedly used by the hacker intelligentsia to make your life miserable.

Let's be clear about one thing: the goal of these books isn't to help you become a computer villain. Rather, they claim to help you understand the techniques used by computer hackers so that you're in a better position to test your defenses and protect against intrusions. Among other things, the books help you do "ethical hacking," which is the use of hacker tools and techniques to test the mettle of your security defenses (see my previous column for details).

Still, both books could be used as training tools for budding network system crackers. While it is easy to find Web sites with hacking tools that you can download and play with free, these books provide the guidance to understand the tools and to use them effectively.

This is a good thing. Some might view books about hacking as metaphorically handing out guns to teenagers at the local bookstore. But clearly, a lot of 45-year-olds need to learn about these things. Ultimately, the more widely the techniques are understood, the easier it will be to defend against them.

So just how easy is it to get inside the criminal mind? Let's take a look at the books and what they offer.

Hacking Exposed is the best book I've seen so far for learning hacking techniques. The book is authoritatively written, well organized, and includes specific techniques for Novell's NetWare, Unix system flavors, and the various Windows operating systems. The quality and depth of the information in this book are scary.

This book doesn't have a companion CD-ROM, which is probably just as well. CD-ROMs accompanying books are notoriously flaky and they tend to go stale rapidly. Instead, the authors have a Web site with lots of links to applications, security sites, and scripts mentioned in the book.

The "lead author" of Maximum Security is anonymous (a cute marketing gimmick?), but the inside cover lists 13 contributing authors. Despite its subtitle, A Hacker's Guide to Protecting Your Internet Site and Network, this book is less focused on hacking techniques. Instead, the authors try to provide the background for approaching site security, an ambitious undertaking.

Maximum Security discusses security issues at a higher level, with less detailed analysis of hacker tools and a more strategic, managerial tone. It also has interesting, brief, platform-specific sections on VAX/VMS, Macintosh, and Cisco routers and switches, as well as in-depth sections on Novell, Microsoft, and Unix flavors. Its CD-ROM contains a number of well-known tools for hacking, testing, and managing network security.

These two books can help you get inside the hacker mind, but at the rate new attacks are discovered and dissected, they'll need an update at least every six months. Still, there's no better way to start thinking like your enemy.

Are these books the equivalent of giving free weapons to the script kiddies of America? Share your opinion at Jason Levitt's Listening Post discussion forum.
