Information Security

Defending the digital infrastructure



Hacking Exposed: Network Security Secrets & Solutions

Read a review of the security book Hacking Exposed: Network Security Secrets & Solutions (Fifth Edition).

Hacking Exposed: Network Security Secrets & Solutions (Fifth Edition)
By Stuart McClure, Joel Scambray and George Kurtz
McGraw-Hill/Osborne Books, 692 pages, $49.99



The original Hacking Exposed caused quite a controversy when it was published in 1999. Since then, the authors' "set a thief to catch a thief" approach has become the de facto method of an entire genre. The fifth edition, the first in two years, tries to refit the flagship title with a new arsenal of tools--but it comes up a bit short, literally.

A lot has changed in the exploit world since the last edition, and the authors have had their hands full simply keeping the material current. Many chapters have been updated while still mentioning the reliable hacker standbys like the LSASS or PCT Windows vulnerabilities that still form the basis of today's botnets.

The network footprinting chapter has undergone substantial revision. As domain registrars and IP address registries continue to make it difficult for the bad guys to abuse their services, they've also made it more difficult for legitimate users to mine information. This fifth edition focuses more on basic Web-based searches for public information than did previous editions, but this is largely a result of other search methods being decommissioned or severely restricted by their owners.

The authors have also added several chapters. In a departure from the Hacking Exposed formula, wireless hacking and secure programming are covered at a relatively high level. But these chapters won't be enough to implement an audit or restructure a software development program, and should be considered overview material.

But the expanded content comes at a price: This edition is a few pages shorter than the previous one, and, presumably to add the new sections, topics had to be pared down or cut entirely. The amount of coverage given to legacy systems such as Novell NetWare and Windows 95/98/ME/NT/2000 (most of which are still in use) has been dramatically reduced, leaving the fifth edition to deal almost exclusively with Windows XP and Windows Server 2003.

Overall, Hacking Exposed: Network Security Secrets & Solutions continues the tradition of delivering hands-on hacking and defense instructions in a clear, straightforward manner. While the new sections add some value, they are more than offset by the corresponding deletions of still-relevant material. Most readers will probably want to stick with their copies of the fourth edition.

--David Bianco

Top Shelf
Visit's Information Security Bookshelf for chapter downloads from these books and more.

Mergers and Acquisitions Security
By Edward Halibozek and Gerald Kovacich; Elsevier

Cybercrime: Incident Response and Digital Forensics
By Robert Schperberg
Information Systems Audit and Control Association

Mobile IPv6: Mobility in a Wireless Internet
By Hesham Soliman
Addison-Wesley Professional

Phishing: Cutting the Identity Theft Line
By Rachael Lininger and Russell Dean Vines
John Wiley & Sons

Exploiting Software: How to Break Code
By Greg Hoglund and Gary McGraw
Addison-Wesley Professional

Knowing Your Enemy: Learning About Security Threats
By Lance Spitzner
Addison-Wesley Professional
