PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Hack I.T.

Verdict

A useful book for the would-be penetration tester and wannabe hacker alike. However, much of the content can be found for free on the Web.

Review Date: 25 Jun 2002

Price when reviewed:

Overall Rating
4 stars out of 6

This kind of sleeves-up, hands-on reference guide to network security is always something of a double-edged sword. On the one hand, such guides introduce security through penetration testing (also the subtitle of this particular book) to real-world readers wishing to ensure their defences are as watertight as they hope. But on the other hand, they open the floodgates to the wannabe hacker who can use the step-by-step instructions and accompanying software tools for sniffing, scanning, probing and password cracking.

Indeed, the blurb claims to provide 'in one convenient resource the background, strategies, techniques and tools you need to test and protect your system - before the real hackers attack'. Or perhaps more precisely, before the damage-causing amateurs read the book.

Yes, white hat hackers are a valid element in the modern security-testing environment, and only the foolish wouldn't attempt some kind of penetration testing before signing off any defence system as being secure. Yes, the authors come with creditable references in the real world, including a co-ordinator of penetration exercises for Fortune 500 companies, an 'extreme hacking' instructor, and a security tools developer. However, most of the information provided can also be gleaned from the Internet.

The main difference here is that all the information has been collected and presented together with the software required to do the job - and all for just a few quid. To say that this is tempting to troublemakers is an understatement. The serious hackers, of course, already know all this (and more).

I don't think you can teach yourself 'pen testing' by way of a book and CD, at least not from the professional perspective, and this is perhaps my main criticism. A wannabe hacker doesn't care about damage trails left behind or avenues of opportunity missed - the professional pen tester certainly does. So maybe this reference is best viewed more as a hands-on guide to understanding the skills required of such a professional and, as such, is an essential read for anyone thinking about retaining the services of a white hat hacker.

If you really want to understand the software tools side of things, there are better resources such as the Web or Hacking Exposed. While the same 'search the Web' advice stands for most areas of content, it's nice to have a handy desktop reference that helps you test for and close such weaknesses before any damage is done.

Author: Davey Winder
