By
Michael Gregg, President, Superior Solutions, Inc.
Stephen Watkins, CISSP, Information Assurance Analyst at Regent University
George Mays, CISSP, CCNA, A+, Network+, Security+, INet+
Chris Ries, Security Research Engineer for VigilantMinds Inc.
Ronald Bandes, CISSP, CCNA, MCSE, Security+, Independent security consultant
Brandon Franklin, GCIA, MCSA, Security+
Description
This book looks at network security in a new and refreshing way. It guides readers step-by-step through the "stack" -- the seven layers
of a network. Each chapter focuses on one layer of the stack along with the attacks, vulnerabilities, and exploits that can be found
at that layer. The book even includes a chapter on the mythical eighth layer: The people layer.
This book is designed to offer readers
a deeper understanding of many common vulnerabilities and the ways in which attacker’s exploit, manipulate, misuse, and abuse protocols
and applications. The authors guide the readers through this process by using tools such as Ethereal (sniffer) and Snort (IDS). The sniffer
is used to help readers understand how the protocols should work and what the various attacks are doing to break them. IDS is used to
demonstrate the format of specific signatures and provide the reader with the skills needed to recognize and detect attacks when they
occur.
What makes this book unique is that it presents the material in a layer by layer approach which offers the readers a way to
learn about exploits in a manner similar to which they most likely originally learned networking. This methodology makes this book a
useful tool to not only security professionals but also for networking professionals, application programmers, and others. All of the
primary protocols such as IP, ICMP, TCP are discussed but each from a security perspective. The authors convey the mindset of the attacker
by examining how seemingly small flaws are often the catalyst of potential threats. The book considers the general kinds of things that
may be monitored that would have alerted users of an attack.
Audience:
The book has a broader market than most pure hacking books. While pure hacking books focus exclusively on the security market, this book
targets the information needed for IT security professionals, those involved in networking, programmers, and general IT specialists.
There are many people in the world of IT that may not be full-time security professionals but have the need to understand security and
apply it to their job. Anyone that has a basic understanding of networking and security concepts can gain from this book.
