Inside Internet security : what hackers don't want you to know /
Jeff Crume.
imprint
Harlow : Addison-Wesley, 2000.
description
xvii, 270 p. : ill. ; 24 cm.
ISBN
0201675161
format(s)
Book
catalogue key
4219116
 
Includes bibliographical references and index.
A Look Inside
Excerpts
Introduction or Preface
One evening, my eight-year-old daughter said excitedly, 'Dad, I want to tell you something.' She then announced with great pride that she had a 'secret password', which was only for her use in the school's computer lab and, since it was a secret, she was not going to tell me what it was, no matter what! She derived great satisfaction from knowing something I didn't (not the first time or the last, I'm sure!). She had been frustrated that I would not tell her the password needed to operate my laptop computer. The fact that this system contained confidential corporate information and that divulging it could cost me my job and my employer far more was lost on her. How could I keep such a secret from her? She wasn't going to tell anybody! Her indignation had now, at least to some extent, been quenched by the fact that the shoe was now on the other foot.
After letting her revel in this great personal triumph for a few moments, I mentioned that the book she had seen me working on for the past year had a whole section on secret passwords and how computer hackers can often figure them out. She was astonished. Why would I want to tell people how to steal passwords? I explained that I wanted to help people understand how to choose better passwords so that they couldn't be stolen so easily. I added that such information is something that hackers would rather not have everyone know because it could make their job a lot more difficult. 'Oh, so that's why you called the book What hackers don't want you to know ..., right?' she responded. 'That must mean you're an "unhacker".' I confessed that I hadn't thought of it that way, but I guessed she was right - maybe it was time to change my business cards ...
My introduction to hacking came when I was in high school in the late 1970s. It began with writing password stealers on the school's DEC PDP-11 minicomputer. Programs were written in the BASIC programming language and accessed via 300 baud acoustic coupled modems which caused garbage to be spewed across the screen if someone slammed the door to the computing lab. From that environment, which sounds unbelievably ancient and crude by today's standards, my compatriots and I streamed together almost unintelligible lines of code that could perfectly emulate the logon sequence and trick unsuspecting users into giving up their passwords. It was quite a thrill when we got them to work.
A key difference between me and the other guys that hung out in the lab after school, though, was that I never felt the need to actually steal another person's password. In other words, it was sufficiently exciting for me merely to know that I could do it so I never felt the need to break any rules. The paradoxical lesson of martial arts training is that you learn to fight so you won't have to. In other words, the mastery of the skills leads to confidence, which leads to self-control, which makes violence essentially unnecessary.
I first peeked inside the mind of a hacker during those pre-Internet days. I was fascinated by what some of the truly gifted hackers could do and equally taken by their reaction to it. The insatiable curiosity, astonishing ingenuity and singular focus on accomplishing a seemingly impossible task were qualities that inspired admiration. On the other hand, the delicate egos, secretive nature, antisocial behaviour and questionable ethics stripped away any remaining illusions. In any case, though, I owe a debt of gratitude to these technologically brilliant classmates who whetted my appetite for computers and the security issues that inevitably come with them, for in doing so they unknowingly provided me with a great deal of material for this book.

Reviews
Review Quotes
"This is a practical security guide for anyone building or administering a corporate network that runs across a number of platforms, via the Internet. Crume focuses on how hackers approach their work and the vulnerabilities they prey on." Computing, August 2001
"This one is a must if security is on your agenda." Internet Works, September 2001
This item was reviewed in:
SciTech Book News, December 2000
Summaries
Long Description
This book is a practical guide for anyone designing or administering a corporate or e-business network that runs across a number of platforms via the Internet. It arms systems administrators with a thorough understanding of the problems of network security and their solutions, and thus helps realize the tremendous potential of e-business.
With the explosive growth of e-commerce and the opening up of corporate networks to external customers, security is now the number one issue for networking professionals. Concerns about hackers and the possible damage they can do to a business, and the potential vulnerabilities of a system, can be overwhelming and can create an unhealthy business environment. However, a great deal of this is based on lack of information as to exactly how hackers approach their task, and of the exact vulnerabilities that they prey on. In this book, Jeff Crume dispels this fear by putting these threats into perspective and allowing realistic defense mechanisms to be created, to the extent that security becomes a business enabler, rather than inhibitor.
Inside Internet Security describes the underlying principles that crop up again and again in hacker attacks, and then progresses to focus on lessons that can be learned, and how to protect against recurrence.
Features:
Practical hands-on advice on securing networked systems
Security checklists for common scenarios
Pointers to other detailed information sources
In-depth theoretical background information
Real-world examples of actual attacks
A glimpse into the future of IT security
Bowker Data Service Summary
This volume helps level the playing field so that readers can respond effectively to the hacker threat. It is a practical reference book for anyone designing or administering a corporate or eBusiness network.
Back Cover Copy
This book is a practical guide for anyone designing or administering a corporate or e-business network that runs across a number of platforms via the Internet. It will arm systems administrators with a thorough understanding of the problems of network security and their solutions, and thus help realize the tremendous potential of e-business.
With the explosive growth of e-commerce and the opening up of corporate networks to external customers, security is now the number one issue for networking professionals. Concerns about hackers and the possible damage they can do to a business, and the potential vulnerabilities of a system, can be overwhelming and can create an unhealthy business environment. However, a great deal of this is based on lack of information as to exactly how hackers approach their task, and of the exact vulnerabilities that they prey on. In this book, Jeff Crume dispels this fear by putting these threats into perspective and allowing realistic defense mechanisms to be created, to the extent that security becomes a business enabler, rather than inhibitor.
Inside Internet Security describes the underlying principles that crop up again and again in hacker attacks, and then progresses to focus on lessons that can be learned, and on how to protect against recurrence.
Features:
Practical hands-on advice on securing networked systems
Security checklists for common scenarios
Pointers to other detailed information sources
In-depth theoretical background information
Real-world examples of actual attacks
A glimpse into the future of IT security
Table of Contents
Sizing Up The Situation: Security Concepts
Bringing down the Net
Is it safe?
What is a hacker?
Analyzing the risks (and counting the costs)
The role of policy
Putting all the pieces together
The Hacker's Edge: Internet Security Vulnerabilities
What you don't know can hurt you
Hackers don't want you to know that ... firewalls are just the beginning
Hackers don't want you to know that ... not all the bad guys are 'out there'
Hackers don't want you to know that ... humans are the weakest link
Hackers don't want you to know that ... passwords aren't secure
Hackers don't want you to know that ... they can see you but you can't see them
Hackers don't want you to know that ... downlevel software is vulnerable
Hackers don't want you to know that ... defaults are dangerous
Hackers don't want you to know that ... it takes a thief to catch a thief
Hackers don't want you to know that ... attacks are getting easier
Hackers don't want you to know that ... virus protection is inadequate
Hackers don't want you to know that ... active content is more active than you think
Hackers don't want you to know that ... yesterday's strong crypto is today's weak crypto
Hackers don't want you to know that ... the back door is open
Hackers don't want you to know that ... there's no such thing as a harmless attack
Hackers don't want you to know that ... information is your best defence
Hackers don't want you to know that ... the future of hacking is bright
Crypto tutorial
VPN tutorial
Glossary
Bibliography
Index
Table of Contents provided by Publisher. All Rights Reserved.
