Resource For Security Researchers
02 Oct 10:48

Security Power Tools - New Book From O'Reilly

What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? A new book from O'Reilly Media, Security Power Tools, lets you do exactly that. In it, members of Juniper Networks' Security Engineering team, along with a few guest experts, reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms.

Their effort culminates in twenty-three cross-referenced chapters that cover the best security tools on the planet for both black hat techniques and white hat defense tactics. Security Power Tools is packed with their tips, tricks, and general how-to advice about an assortment of freeware and commercial tools, ranging from intermediate-level command-line operations to advanced programming of self-hiding exploits.

While many tech books are authored by groups of programmers and engineers, few are ever completed by an entire department. Avishai Avivi, Manager of the Juniper Networks Security Engineering team and overseer of the book-writing process, writes, "When we were approached to write this book, I had some mixed feelings about the effort and time it would take... My group's knowledge of these tools comes through years of working and applying them."

The book also contains three chapters written by two security experts outside of the Juniper Networks Security Engineering team: Philippe Biondi, who is well known for his work on exploits, and Stanford University's Jennifer Stisa Granick, who wrote a fascinating introductory chapter on Ethics and the Law.

The book is divided into six main technical sections:

  • Reconnaissance - including tools for network scanning such as nmap, vulnerability scanning tools for Windows and Linux, LAN reconnaissance, tools to help with wireless reconnaissance, and custom packet generation
  • Penetration - such as the Metasploit framework for automated penetration of remote computers, tools to find wireless networks, exploitation framework applications, and tricks and tools to manipulate shellcodes
  • Control - includes the configuration of several tools for use as backdoors, and a review of known rootkits
  • Defense - includes host-based firewalls, host hardening for Windows and Linux networks, communication security with SSH, email security and anti-malware, and device security testing
  • Monitoring - such as tools to capture and analyze packets, network monitoring with Honeyd and Snort, and host monitoring of production servers for file changes
  • Discovery - includes The Forensic Toolkit, SysInternals, and other popular forensic tools

"Jump in and out and then try something new--play with it on your laptop, then try another tool," encourage the writers. "We think this is the best way to not only use the book but to adapt it to your expertise, instead of the other way around."

Nicolas Beauchesne, Bryan Burns, Chris Iezzoni, Paul Guersch, Dave Killion, Michael Lynn, Steve Manzuik, Eric Markham, Eric Moret, and Julien Sobrier are all part of Juniper's Security Engineering Team led by Avishai Avivi, Senior Manager, Security Engineering, who wrote the foreword to the book. Philippe Biondi is a research engineer at EADS Innovation Works and the creator of many security tools and programs, such as Scapy and Shell-Forge. Jennifer Stisa Granick has been the Executive Director of the Center for Internet and Society at Stanford Law School, where she taught Cyberlaw, and recently became the Civil Liberties Director with the Electronic Frontier Foundation.

Related links:
www.oreilly/catalog/9780596009632
