BackTrack 4: Assuring Security by Penetration Testing
author: Shakeel Ali, Tedi Heriyanto
reviewer: Rick J Wagner
summary: Covers the core of BackTrack with real-world examples and step-by-step instructions
The book starts out telling you how to find BackTrack 4, how to install it or run it as a live DVD, and how to get the parts working. Suffice it to say this is all easy for anyone who's installed a Linux distribution before.
Next up, the authors cover some solid basics for the would-be security professional. There are other tips throughout the book, too: what kinds of written agreements you should have, what types of reports you should produce, and generally how you should conduct yourself. Well done, and I'm sure anyone reading this book will have the thought that maybe they'll go into business doing this someday. At least that's what I hope everyone is thinking, because after that the gloves are off and you are shown the dark side of this magnificent machinery.
The authors outline a disciplined framework for penetration testing. By myself, I never would have considered such a thing, but these guys clearly have given this a lot of time and effort. The following chapters are broken out into each phase, and within those chapters the various tools of the trade are grouped. (So you'd find the tools that can provide you with a reverse shell in the 'Target Exploitation' chapter, for example.)
The first phase is Information Gathering, and here the reader is introduced to several tools that can glean information like domain names, IP addresses, host names, and other data that can identify potential targets. The 2-page tool introductions I mentioned earlier contain all the tools that do this kind of work. There's enough introductory material to let you figure out which ones you want to try (it seems each chapter covers at least a dozen tools), and how to get started.
Target Discovery is the next phase; it's all about finding hosts and identifying operating systems. Again, no malicious stuff goes on yet, just methodically gathering information. Par for the course, there are a variety of tools presented to help the user.
Target Enumeration is next. The user is exposed to applications that can help find which ports are open, which services (e.g. MySQL) are running, and even what kinds of VPN are present. By the way, throughout the book the authors throw in brief but relevant snippets concerning the topic at hand. As an example, in this chapter you'll find an example of the TCP protocol (SYN, SYN-ACK, etc.) that will tell you when a port's available and when it's not. There's more of this kind of information throughout the book, too. Some of it I knew (not much, really) and some I didn't, so I felt the book advanced my basic knowledge of IT systems in some ways.
Now that the user has all this useful information, they can proceed on to Vulnerability Mapping. Here the tools are used to help calculate which vulnerabilities might exist in the targeted systems.
The following chapters are where the really bad toys come out. They deal with Target Exploitation, Privilege Escalation, and Maintaining Access. True to their titles, they tell all about how the user can attack the targeted systems, set up shop, and leave a backdoor for returning later.
Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here as well. Hardcore hackers might look down their nose at such a thing, but I imagine this is really one of the more effective avenues of attack.
So, who is this book good for? First, for security professionals. They'll want to get a copy just so they can be sure they understand what they're up against, and how to check their own systems using the same tools the bad guys have. Second, programmers with an active sense of curiosity. I fall into this category. Lastly, the bad guys will probably buy a copy (or pirate one), unfortunately. I hope they're too lazy to read it well and end up getting busted and thrown in the clink. Maybe they can talk ethics in programming with Hans Reiser while they're awaiting parole.
If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.