Customer Review

5.0 out of 5 stars IT security classic, 13 Aug. 2013
Verified Purchase
This review is from: The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers (Hardcover)
Although a somewhat old book now at 8 years old, both the author and publication are well known subjects in the security world. No matter your opinion of the author who has collated the stories from various black hat sources (and who himself famously spent time in incarceration prior to this for IT systems penetration) it's worthwhile to read the publication in order to 'know your enemy' as Sun Tzu would have advised.

Since it's a collection of what appear to be true stories of penetrations of organisations' systems, it's a welcome break from drier more technical publications that you might be used to as revision reference and similar. The book features less on technical procedures, checklists and exact tools/procedures and facts and more on the process and social engineering behind real world penetration attacks against the IT industry - as such the book ages well and is still insightful despite the age.

It feels like the majority of stories revolve around the attackers finding overlooked small flaws in a site's security, and then spending time turning this single flaw into a larger penetration, growing in depth of compromise over time. This is quite a contrast to the usual mainstream view of a single flaw causing the compromise of an organisation - the book implies that it's more likely a string of flaws, each on its own not a great issue (and probably existing due to lack of staff time or knowledge) but when combined they provide an attacker with a route in.

The story of the attacker who spends a year breaking into a company also challenges the traditional view of attackers that compromise a system, cause damage or send as much spam as possible until detected and then the issue is fixed by the IT staff. Instead the attacker gets access and spends time slowly moving through the network to get to the desired systems (in this case a source code repository).

Another eye opener is the scorn the attackers repeatedly give towards systems when the systems administrators don't take action against persistent obvious attacks. It's hard to read the book and not come away thinking that perhaps it really is time to cure the false positives coming from the organisation's intrusion detection system and pay some real attention to configuring it. You think of your own organisation's systems, and the minor outstanding security measures you've been meaning to spend time on but other tasks took priority. It's a healthy kick in the posterior to pay attention to both due care in setting up security prevention and detection systems and due diligence in monitoring the resulting logs (and taking action when necessary).

The book is an IT security classic which ages well in terms of technical content (due to the discussion of timeless subjects such as social engineering rather than software versions) and should be required reading for IT professionals, especially those who might be feeling that their IT security is impenetrable.
Review Details


Location: UK

Top Reviewer Ranking: 32,582