Book Reviews: Information Security Books and Product Reviews – Chained Exploits

Book Title: Chained Exploits

Subtitle: Advanced Hacking Attacks from Start to Finish

Author(s): Andrew Whitaker, Keatron Evans, Jack B. Voth

Publisher: Pearson Education Inc

Date of Publishing: February 2009

ISBN(13): 9780321498816

Price (UK & US price – full price, not discounted price): £36.99, $49.99

URL of Amazon UK web page: Chained Exploits: Advanced Hacking Attacks from Start to Finish

URL of Amazon UK (Kindle) web page: Chained Exploits: Advanced Hacking Attacks from Start to Finish

URL of Amazon US web page: Chained Exploits: Advanced Hacking Attacks from Start to Finish

URL of Amazon US (Kindle) web page: Chained Exploits: Advanced Hacking Attacks from Start to Finish

I have been involved in computer security for over 30 years, starting in physical security and then moving into IT security. Having been involved in security testing from both a physical and a logical perspective, the topic of IT security testing has always been of interest to me, and I have read a number of “Hacking” books.

This book is not big, consisting of 279 pages and comprising 8 chapters. It has a logical flow, starting with simple chained exploits and moving up to more complicated and intricate exploits and espionage. The book provides a good spread of exploits, from the standard hack to physical intrusion and corporate espionage. This demonstrates a variety of interlinked exploits, which are woven into stories. The story examples are good, as they make for easy reading; however, it can read like a thriller at times when the author adds drama, which tends to distract the reader and take away from the seriousness of the subject.

The author certainly goes into good detail about the different aspects of exploits and explains how they are put together, along with how to make use of some good tools. The book provides a good insight into the mind of someone who is trying to attack a system or company, which enables security professionals to think like an intruder (the phrase “Know your enemy” comes to mind when reading this).

It provides a good overview of the differing countermeasures and protections that help reduce the opportunities available to an attacker. One example of this is educating staff about posting company information and issues on forums, and about challenging strangers within the building.

There are some key messages within the book, including the fact that information security is not only about the technologies but also about physical security and people. The book provides examples of occasions where it is the people who unwittingly help intruders, by naively providing information to callers or posting on forums, or perhaps simply by being helpful in letting someone into the building who looks like they belong.

This book should be read by novice and seasoned security professionals alike to provide an insight into the attacker's mind. I would also recommend it to IT professionals and senior management, as it provides a focus on security, especially in times when there is pressure to reduce staff and costs and to increase a company's competitive edge; this is when staff look to supplement their earnings and companies look for ways to get ahead of the competition using corporate espionage.

The book offers a good description of attacks, especially the fact that a compromise is very rarely a single attack but instead a series of differing attacks chained together. It also makes the clear point that the hacker has the time to investigate and test the attack vectors until the perfect compromise has been developed.

Marks: 4 out of 5
****