Thursday, May 5, 2011
Book Review for "BackTrack 4: Assuring Security by Penetration Testing"
White hats, get a copy now before the bad guys snap them all up.
I've just finished reading Packt Publishing's new book "BackTrack 4: Assuring Security by Penetration Testing". The book is meant to be a how-to guide for using BackTrack 4, a freely available Linux distribution whose sole purpose is to provide a platform for a hacker's arsenal. I'd never looked at BackTrack before, but believe me, it's a sight to behold.
The distribution, once downloaded, can be installed on a machine or run as a 'live' DVD. (The book covers all this, naturally.) Once booted, the user has a *whole operating system* loaded to the gills with tools meant for breaking into computer networks and vulnerable hosts. It is frightening in its scope.
The book is written for good guys, of course, so it includes a good amount of text that's of use to security professionals. It covers how you should make your agreements with the system owners you are assessing, the kinds of reports you should prepare, and a very useful framework for disciplined testing. The framework breaks penetration testing into discrete phases.
The first 'hacking' phase is Information Gathering. Here the user is introduced to about a dozen tools that can be used to find domain names, IP addresses, host names, and other information about the target environment.
The next phase is Target Discovery. Here the user finds hosts and identifies operating systems. Again, about a dozen different tools are presented.
The next phase is Target Enumeration. This phase allows the user to discover which ports are available, which services are offered, and what kinds of VPN are in use.
Once all this information is gathered, the user can proceed to Vulnerability Mapping. Here, another good-sized set of applications is available to help the user determine what kinds of vulnerabilities exist in the target machines. This logically leads into the chapters on Target Exploitation, Privilege Escalation, and Maintaining Access.
Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here.
So what did I think of the book? At first glance, honestly, I was unimpressed. Just picking up the book and thumbing through it revealed a great number of very brief introductions to tools. You'd see many pages where a tool is introduced, then given just a page or two of instructions on how to invoke it and what output to expect from it. It was only after I started actually reading the book that I realized the tools were neatly categorized (as explained above) and that the brevity of the introduction was solely because the authors had already filled 350 pages and probably simply couldn't practically include more detail.
I've never intentionally hacked another system, but I have at times used tools like Wireshark to observe network traffic as I sought to untangle some security problem or communications glitch. This book has provided me with several ideas for similarly useful tools, and introduced me to several I have no intention of ever using. (Unless I should decide to one day become a security consultant, and offer to hack into systems for profit. In that case, I'll make myself familiar with all the tools in the BackTrack toolkit.)
If your livelihood depends on a secure site, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.
The book can be found here.
Happy (ethical) Hacking!