
Building Open Source Network Security Tools

Mike Clark writes "There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book." Read on for the rest of Mike's review.
Title: Building Open Source Network Security Tools
Author: Mike D. Schiffman
Pages: 424
Publisher: John Wiley & Sons
Rating: 9
Reviewer: Mike Clark
ISBN: 0471205443
Summary: How to use open source libraries, such as libpcap and libdnet, to build network security tools.

Building Open Source Network Security Tools, just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to need a little knowledge of C and of networking principles. This is definitely not a manager's book.

First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before, and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.

The author then goes on to explain several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they work in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job of explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mentioned in the book.

I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.



  • I've been looking for a book like this for a long time... All the security books that you see in bookshops are so superficial that any slashdot reader is (usually) better informed.

  • Nessus (Score:4, Informative)

    by bhsx ( 458600 ) on Monday November 04, 2002 @11:18AM (#4594199)
    For those looking for a great open source remote security scanner, check out www.nessus.org. Nessus is a client/server (clients for a few platforms, server runs on unix only) scanner that runs through thousands of exploits and DoS attacks and gives you a full report on what you have open/running and how to secure it along with CERT advisories and all kinds of info. It's a great way to see just how easy it is to break into an unpatched box, whether it's *nix or win32. First few times I ran it I crashed every box on my LAN; by the fourth time I ran it, I was positively secured. Great tool, can't say enough about it.
  • Other books? (Score:3, Interesting)

    by illsorted ( 12593 ) on Monday November 04, 2002 @11:41AM (#4594249)
    What other books would people recommend for someone interested in network security (specifically using Open Source tools)? I'm currently reading Building Internet Firewalls [oreilly.com] which has been extremely helpful to my understanding of architecture issues. Any other gems I should be looking at?

    Thanks.
  • While the reviewer seems to like this particular book, I must confess I am not sure why.

    The reviewer claims: "They (other books) don't get very technical and once you've read one, you've read them all".

    It is not clear to me what level of technical detail the book includes, nor how the book really differs from other books.

    It is also not clear if there is any focus on creating defensive security tools (monitoring tools, etc), or offensive tools (vulnerability scanners).

    I also agree with another poster: nessus is a great tool; a section in the book detailing NASL would have been nice, considering the lack of good (IMO) documentation available.
  • How about ... (Score:3, Informative)

    by Greedo ( 304385 ) on Monday November 04, 2002 @11:59AM (#4594298) Homepage Journal
    ... the /. editors take a few seconds to convert submissions with characters like ' to '.

    Picky, I know. But when the /. homepage is full of undisplayable characters because the encoding doesn't match the content, it's a bit annoying.

  • ...at least, that's what Microsoft and companies like them would like you to believe.

    I've thought a lot about the idea of securing systems with open source products, and it makes sense to me. The old argument was that a potential hacker could look at the source code to invade a system, and find the weaknesses therein. But there lies the biggest strength of open source--the fact that, indeed, everyone can see the problems with the code and contribute towards the betterment of the product.

    Let me use a rough example. If I purchase a set of blueprints from a home plan book, make no adjustments to the plan before I build it, how does this information grant a burglar any more information than simply casing the house and looking for weaknesses? That's not the best example in the world, but it'll do for now.

    True, closed-source (e.g., commercial) software doesn't have the source in full view to scrutinize, and so is ever so slightly more "secure" (at least in the minds of those purchasing the product), but reverse-engineering is still possible, and brute-force, psychological, and other hack tactics can and do work.

    Simply put, and to summarize, the idea that open-source software is insecure is simply false. In fact, it's the opposite of the truth--open-source projects benefit from a large community ensuring that all the bugs are squashed, all the holes are sealed, all the back doors are locked, and the software is more secure than anything a commercial entity could produce.
    • by Anonymous Coward
      The amount of dedicated professional time that goes into software's development is the only thing that counts. "Open source" or "closed source" is really a side issue. Your software does not become secure if/when you publish your source code. The assumption that there are crowds of elite hackers who can't wait just to tinker with it and scrutinize security holes is false. It may be the case for a few very popular projects, but that's all. An average open source project relies on a not so huge number of key contributors who really know their code inside-out and a far greater number of users who just use their work. Same can be said about a commercial project, mind you.
      • You're talking about "security through project obscurity", and I don't buy it. If I were an evil cracker, I might start with a source-based linux distribution, and search for gets in all of the source files. There are probably other obvious buffer overflows that are easily identified. Next, I figure out a way to exploit the hack. Sure, I didn't get onto every computer, but I got onto yours, didn't I?

        If anything, Open Source authors should be more alert to exploits, as I can only do this in open source software, though I'll bet a smart person could figure out how to analyze the executable to see if it uses an insecure library function, or something.
    • It wasn't hard for me to acquire blueprints of my home -- they're on file with our neighborhood association. As far as I'm aware, some branch of the US government possesses blueprints of every single major and minor structure in the country, and I do believe it's even possible for average citizens to gain access to these plans.

      Why? Because the costs of a building not built to spec greatly exceed the benefit of security through obscurity. By forcing building specifications to remain open to some degree, it becomes difficult to hide egregious faults in building design -- and thus, lives are spared.

      As I've been pointing out for some time -- every single non-military technology that mankind has considered important has tended towards greater and greater openness -- from legal systems to building codes to the contents of our food. Software is a rare exception.

      Yours Truly,

      Dan Kaminsky
      DoxPara Research
      http://www.doxpara.com
  • Complementary books (Score:4, Informative)

    by Thyrsus ( 13292 ) on Monday November 04, 2002 @01:43PM (#4594654) Homepage
    From the review, it sounds as if this book is a good antidote to the unfortunate simplification that (network security === firewall). Good!

    Nonetheless, firewalls and VPN's are still important tools in creating a secure network. My old 1995 edition of Chapman & Zwicky's "Building Internet Firewalls" has been useful to me; I've no reason to think newer versions would be any less so. If you want to build a stateful firewall, Ron Ziegler's "Linux Firewalls" does a good job with the concepts and details of iptables. Another highly recommended book is Kolesnikov & Hatch's "Building Linux Virtual Private Networks". Whenever you do security, you *must* understand what you're doing, and these authors help you do that; that understanding is portable to any OS.
  • by dwheeler ( 321049 ) on Monday November 04, 2002 @01:54PM (#4594699) Homepage Journal
    If you're trying to write secure applications, I suggest taking a look at my book Secure Programming for Linux and Unix HOWTO at http://www.dwheeler.com/secure-programs [dwheeler.com] - it's free, just download and print. I just released the 29 October 2002 (version 3.000) edition.
